Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
mSLEwIfTGL.exe

Overview

General Information

Sample name:mSLEwIfTGL.exe
renamed because original name is a hash value
Original sample name:bce5589932044903237879f0e9e4840e.exe
Analysis ID:1520463
MD5:bce5589932044903237879f0e9e4840e
SHA1:2df044c89198fde64eb0b5a7c8182addf3486a2b
SHA256:1c123f8cd194d826aaa48e97fa67b9db9faa1a5a1ada139f367d56904f6e0c04
Tags:exeuser-abuse_ch
Infos:

Detection

CredGrabber, Meduza Stealer
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • mSLEwIfTGL.exe (PID: 2916 cmdline: "C:\Users\user\Desktop\mSLEwIfTGL.exe" MD5: BCE5589932044903237879F0E9E4840E)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: mSLEwIfTGL.exe PID: 2916JoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
    Process Memory Space: mSLEwIfTGL.exe PID: 2916JoeSecurity_CredGrabberYara detected CredGrabberJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-09-27T11:25:03.608969+020020494411A Network Trojan was detected192.168.2.449730176.124.204.20615666TCP
      2024-09-27T11:25:03.909389+020020494411A Network Trojan was detected192.168.2.449730176.124.204.20615666TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-09-27T11:25:03.608969+020020508061A Network Trojan was detected192.168.2.449730176.124.204.20615666TCP
      2024-09-27T11:25:03.909389+020020508061A Network Trojan was detected192.168.2.449730176.124.204.20615666TCP
      2024-09-27T11:25:03.979117+020020508061A Network Trojan was detected192.168.2.449730176.124.204.20615666TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-09-27T11:25:03.608969+020020508071A Network Trojan was detected192.168.2.449730176.124.204.20615666TCP
      2024-09-27T11:25:03.909389+020020508071A Network Trojan was detected192.168.2.449730176.124.204.20615666TCP
      2024-09-27T11:25:03.979117+020020508071A Network Trojan was detected192.168.2.449730176.124.204.20615666TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: mSLEwIfTGL.exeReversingLabs: Detection: 31%
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Machine Learning detection for sample
      Source: mSLEwIfTGL.exeJoe Sandbox ML: detected
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D661CF0 CryptUnprotectData,LocalFree,0_2_00007FF76D661CF0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D627C80 CryptUnprotectData,LocalFree,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D627C80
      Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49731 version: TLS 1.2
      Source: mSLEwIfTGL.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6AC088 FindClose,FindFirstFileExW,GetLastError,0_2_00007FF76D6AC088
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6AC138 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF76D6AC138
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67AB00 GetLogicalDriveStringsW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D67AB00
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\migration\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\migration\wtr\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49730 -> 176.124.204.206:15666
      Source: Network trafficSuricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49730 -> 176.124.204.206:15666
      Source: Network trafficSuricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49730 -> 176.124.204.206:15666
      Source: global trafficTCP traffic: 192.168.2.4:49730 -> 176.124.204.206:15666
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
      Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
      Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
      Source: Joe Sandbox ViewASN Name: GULFSTREAMUA GULFSTREAMUA
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: unknownDNS query: name: api.ipify.org
      Source: unknownDNS query: name: api.ipify.org
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: unknownTCP traffic detected without corresponding DNS query: 176.124.204.206
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D678A50 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,0_2_00007FF76D678A50
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
      Source: global trafficDNS traffic detected: DNS query: api.ipify.org
      Source: mSLEwIfTGL.exe, 00000000.00000003.1852899928.0000015830C51000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.2031707337.0000015830C60000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.2031677658.0000015830C60000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.2031796016.0000015830C64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.microsoft.t/Regi
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1853410663.000001582EFE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/AA
      Source: mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
      Source: mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4L
      Source: mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbW
      Source: mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
      Source: mSLEwIfTGL.exe, 00000000.00000003.1868698206.0000015830DE8000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877494395.0000015831A5E000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1873812276.0000015831DDB000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B42000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B4A000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1868698206.0000015830DE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
      Source: mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
      Source: mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831AAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
      Source: mSLEwIfTGL.exe, 00000000.00000003.1855374086.000001582EFFF000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A6F000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A89000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1855229278.00000158319F2000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831AAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
      Source: mSLEwIfTGL.exe, 00000000.00000003.1855374086.000001582EFFF000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A6F000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A89000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1855229278.00000158319F2000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc9
      Source: mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
      Source: mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
      Source: mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
      Source: mSLEwIfTGL.exe, 00000000.00000003.1868698206.0000015830DE8000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877494395.0000015831A5E000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1873812276.0000015831DDB000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B42000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B4A000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1868698206.0000015830DE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
      Source: mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
      Source: mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
      Source: mSLEwIfTGL.exe, 00000000.00000003.1868698206.0000015830DEF000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1873812276.0000015831DE2000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
      Source: mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
      Source: mSLEwIfTGL.exe, 00000000.00000003.1868698206.0000015830DEF000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1873812276.0000015831DE2000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49731 version: TLS 1.2
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D679310 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,GetObjectW,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,DeleteObject,EnterCriticalSection,EnterCriticalSection,GdiplusShutdown,LeaveCriticalSection,LeaveCriticalSection,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D679310
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67DD50 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_00007FF76D67DD50
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67D610 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D67D610
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D621D4E0_2_00007FF76D621D4E
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67ADB00_2_00007FF76D67ADB0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6800A80_2_00007FF76D6800A8
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6340B00_2_00007FF76D6340B0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D671F200_2_00007FF76D671F20
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D679FB00_2_00007FF76D679FB0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D680A900_2_00007FF76D680A90
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D651A800_2_00007FF76D651A80
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67BA600_2_00007FF76D67BA60
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D678A500_2_00007FF76D678A50
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D64BAF00_2_00007FF76D64BAF0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D62C9C00_2_00007FF76D62C9C0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D62EC500_2_00007FF76D62EC50
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D699D080_2_00007FF76D699D08
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D620BD00_2_00007FF76D620BD0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D62E5A00_2_00007FF76D62E5A0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6677F00_2_00007FF76D6677F0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6793100_2_00007FF76D679310
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6212C00_2_00007FF76D6212C0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6821500_2_00007FF76D682150
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6AC1380_2_00007FF76D6AC138
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6782100_2_00007FF76D678210
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D62D5100_2_00007FF76D62D510
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6965040_2_00007FF76D696504
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D64E4E00_2_00007FF76D64E4E0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6733600_2_00007FF76D673360
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6A0E740_2_00007FF76D6A0E74
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65FE500_2_00007FF76D65FE50
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65DF000_2_00007FF76D65DF00
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D64AF000_2_00007FF76D64AF00
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D664EF00_2_00007FF76D664EF0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D689EE40_2_00007FF76D689EE4
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D62BEE00_2_00007FF76D62BEE0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D627ED00_2_00007FF76D627ED0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D666D700_2_00007FF76D666D70
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67DD500_2_00007FF76D67DD50
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D68BE000_2_00007FF76D68BE00
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D62AE000_2_00007FF76D62AE00
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D68E10C0_2_00007FF76D68E10C
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6400ED0_2_00007FF76D6400ED
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D5F60C00_2_00007FF76D5F60C0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67E0A00_2_00007FF76D67E0A0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D699F840_2_00007FF76D699F84
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D646F700_2_00007FF76D646F70
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65CF600_2_00007FF76D65CF60
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6AEFD00_2_00007FF76D6AEFD0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D668FD00_2_00007FF76D668FD0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D629A590_2_00007FF76D629A59
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D691B140_2_00007FF76D691B14
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D68DAC40_2_00007FF76D68DAC4
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6899EC0_2_00007FF76D6899EC
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6849BA0_2_00007FF76D6849BA
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D66F9C00_2_00007FF76D66F9C0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D68E9A40_2_00007FF76D68E9A4
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D698C2C0_2_00007FF76D698C2C
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D663CC00_2_00007FF76D663CC0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D697CAC0_2_00007FF76D697CAC
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D63CB900_2_00007FF76D63CB90
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6AEB500_2_00007FF76D6AEB50
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65DBD00_2_00007FF76D65DBD0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6B3BC00_2_00007FF76D6B3BC0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D69762C0_2_00007FF76D69762C
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D66F6200_2_00007FF76D66F620
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D68D6F40_2_00007FF76D68D6F4
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6666D00_2_00007FF76D6666D0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65D5900_2_00007FF76D65D590
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6596000_2_00007FF76D659600
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6745D00_2_00007FF76D6745D0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65F8200_2_00007FF76D65F820
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D5F69000_2_00007FF76D5F6900
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6218F00_2_00007FF76D6218F0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D68D8DC0_2_00007FF76D68D8DC
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65D8B00_2_00007FF76D65D8B0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6767830_2_00007FF76D676783
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6167700_2_00007FF76D616770
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6767730_2_00007FF76D676773
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6197600_2_00007FF76D619760
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6727500_2_00007FF76D672750
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6177B00_2_00007FF76D6177B0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6682700_2_00007FF76D668270
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65D2600_2_00007FF76D65D260
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6552200_2_00007FF76D655220
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6712F00_2_00007FF76D6712F0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6601800_2_00007FF76D660180
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D69717C0_2_00007FF76D69717C
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D5F64800_2_00007FF76D5F6480
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D63E4190_2_00007FF76D63E419
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D69A50C0_2_00007FF76D69A50C
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D63C4E00_2_00007FF76D63C4E0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D68E49C0_2_00007FF76D68E49C
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6983D80_2_00007FF76D6983D8
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: String function: 00007FF76D61D510 appears 63 times
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: String function: 00007FF76D621D20 appears 54 times
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: String function: 00007FF76D626990 appears 41 times
      Source: classification engineClassification label: mal96.troj.spyw.winEXE@1/0@1/2
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D62E5A0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D62E5A0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65F820 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D65F820
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69633C615BB6
      Source: mSLEwIfTGL.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: mSLEwIfTGL.exeReversingLabs: Detection: 31%
      Source: mSLEwIfTGL.exeString found in binary or memory: --help
      Source: mSLEwIfTGL.exeString found in binary or memory: --help
      Source: mSLEwIfTGL.exeString found in binary or memory: --help
      Source: mSLEwIfTGL.exeString found in binary or memory: --help
      Source: mSLEwIfTGL.exeString found in binary or memory: ipportgrabber_max_sizeextensionslinksbuild_nameself_destructtype must be boolean, but is type must be number, but is 0123456789ABCDEFntdll.dllFile DownloaderabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'runasopen bad variant accessfalsetrueBad any_cast[VAR... , [default: [required][nargs: or more] ..[nargs= to or more provided. argument(s) expected. : required.: no value provided.-=--help-hshows help message and exits--version-vprints version information and exitsNo such argument:
      Source: mSLEwIfTGL.exeString found in binary or memory: ipportgrabber_max_sizeextensionslinksbuild_nameself_destructtype must be boolean, but is type must be number, but is 0123456789ABCDEFntdll.dllFile DownloaderabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'runasopen bad variant accessfalsetrueBad any_cast[VAR... , [default: [required][nargs: or more] ..[nargs= to or more provided. argument(s) expected. : required.: no value provided.-=--help-hshows help message and exits--version-vprints version information and exitsNo such argument:
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: rstrtmgr.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: windowscodecs.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: vaultcli.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
      Source: mSLEwIfTGL.exeStatic PE information: Image base 0x140000000 > 0x60000000
      Source: mSLEwIfTGL.exeStatic file information: File size 1117696 > 1048576
      Source: mSLEwIfTGL.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: mSLEwIfTGL.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: mSLEwIfTGL.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: mSLEwIfTGL.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: mSLEwIfTGL.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: mSLEwIfTGL.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: mSLEwIfTGL.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: mSLEwIfTGL.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: mSLEwIfTGL.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: mSLEwIfTGL.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: mSLEwIfTGL.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: mSLEwIfTGL.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: mSLEwIfTGL.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D62D510 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D62D510
      Source: mSLEwIfTGL.exeStatic PE information: section name: _RDATA
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65CB00 push rsp; retf 0_2_00007FF76D65CBA1
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65CBBC push rsp; retf 0_2_00007FF76D65CBBD
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65CBB8 push rsp; retf 0_2_00007FF76D65CBB9
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65CBC4 push rsp; retf 0_2_00007FF76D65CBC5
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65CBC0 push rsp; retf 0_2_00007FF76D65CBC1
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65CBAC push rsp; retf 0_2_00007FF76D65CBAD
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65CBB4 push rsp; retf 0_2_00007FF76D65CBB5
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D65CBB0 push rsp; retf 0_2_00007FF76D65CBB1
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6677F0 _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,ExitProcess,ExitProcess,OpenMutexA,ExitProcess,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D6677F0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-71404
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6AC088 FindClose,FindFirstFileExW,GetLastError,0_2_00007FF76D6AC088
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6AC138 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF76D6AC138
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67AB00 GetLogicalDriveStringsW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D67AB00
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D690220 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_00007FF76D690220
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\migration\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\migration\wtr\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EF89000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1853410663.000001582EFE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeAPI call chain: ExitProcess graph end nodegraph_0-70153
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67DD50 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_00007FF76D67DD50
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D688A38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF76D688A38
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6AE2B0 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_00007FF76D6AE2B0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D62D510 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF76D62D510
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D688A38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF76D688A38
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D6A5870 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF76D6A5870
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: GetLocaleInfoW,0_2_00007FF76D6950AC
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF76D69FFF0
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: EnumSystemLocalesW,0_2_00007FF76D69FAE4
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_00007FF76D6ABC84
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: EnumSystemLocalesW,0_2_00007FF76D694B68
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: EnumSystemLocalesW,0_2_00007FF76D69FBB4
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF76D69F798
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF76D6A01CC
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyNameJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D68F67C GetSystemTimeAsFileTime,0_2_00007FF76D68F67C
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D679A60 GetUserNameW,0_2_00007FF76D679A60
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeCode function: 0_2_00007FF76D67ADB0 GetTimeZoneInformation,0_2_00007FF76D67ADB0

      Stealing of Sensitive Information

      barindex
      Yara detected CredGrabber
      Source: Yara matchFile source: Process Memory Space: mSLEwIfTGL.exe PID: 2916, type: MEMORYSTR
      Yara detected Meduza Stealer
      Source: Yara matchFile source: Process Memory Space: mSLEwIfTGL.exe PID: 2916, type: MEMORYSTR
      Found many strings related to Crypto-Wallets (likely being stolen)
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EF89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Electrum-LTC\config
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EF89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\config
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: KHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzMl0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNDddCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EF89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EF89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
      Source: mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EF89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
      Tries to harvest and steal Bitcoin Wallet information
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
      Tries to steal Mail credentials (via file / registry access)
      Source: C:\Users\user\Desktop\mSLEwIfTGL.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

      Remote Access Functionality

      barindex
      Yara detected CredGrabber
      Source: Yara matchFile source: Process Memory Space: mSLEwIfTGL.exe PID: 2916, type: MEMORYSTR
      Yara detected Meduza Stealer
      Source: Yara matchFile source: Process Memory Space: mSLEwIfTGL.exe PID: 2916, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
      Command and Scripting Interpreter      		1
      DLL Side-Loading      		1
      DLL Side-Loading      		1
      Deobfuscate/Decode Files or Information      		1
      OS Credential Dumping      		12
      System Time Discovery      		Remote Services1
      Screen Capture      		21
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault Accounts2
      Native API      		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
      Obfuscated Files or Information      		LSASS Memory21
      Security Software Discovery      		Remote Desktop Protocol1
      Email Collection      		1
      Non-Standard Port      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
      DLL Side-Loading      		Security Account Manager2
      Process Discovery      		SMB/Windows Admin Shares1
      Archive Collected Data      		2
      Ingress Tool Transfer      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS1
      Account Discovery      		Distributed Component Object Model2
      Data from Local System      		2
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
      System Owner/User Discovery      		SSHKeylogging3
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
      System Network Configuration Discovery      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync3
      File and Directory Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem24
      System Information Discovery      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      mSLEwIfTGL.exe32%ReversingLabsWin64.Trojan.SpywareX
      mSLEwIfTGL.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://api.ipify.org/0%URL Reputationsafe
      https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
      https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF0%URL Reputationsafe
      https://duckduckgo.com/ac/?q=0%URL Reputationsafe
      https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg0%URL Reputationsafe
      https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.0%URL Reputationsafe
      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20160%URL Reputationsafe
      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e170%URL Reputationsafe
      https://www.ecosia.org/newtab/0%URL Reputationsafe
      https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
      https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
      https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg0%URL Reputationsafe
      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
      https://support.mozilla.org0%URL Reputationsafe
      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      api.ipify.org
      		172.67.74.152
      		truefalse
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://api.ipify.org/false
        • URL Reputation: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        https://api.ipify.org/AAmSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EF7A000.00000004.00000020.00020000.00000000.sdmpfalse
          		unknown
          https://duckduckgo.com/chrome_newtabmSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFmSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B52000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://duckduckgo.com/ac/?q=mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgmSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWmSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmpfalse
            		unknown
            https://www.google.com/images/branding/product/ico/googleg_lodp.icomSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctamSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831AAE000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831AAE000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://www.ecosia.org/newtab/mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brmSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B52000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://ac.ecosia.org/autocomplete?q=mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgmSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYimSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallmSLEwIfTGL.exe, 00000000.00000003.1855374086.000001582EFFF000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A6F000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A89000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1855229278.00000158319F2000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc9mSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchmSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://support.mozilla.orgmSLEwIfTGL.exe, 00000000.00000003.1868698206.0000015830DE8000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877494395.0000015831A5E000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1873812276.0000015831DDB000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B42000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1877326669.0000015831B4A000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1868698206.0000015830DE0000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesmSLEwIfTGL.exe, 00000000.00000003.1855374086.000001582EFFF000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A6F000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A89000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1855229278.00000158319F2000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854811805.0000015831A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LmSLEwIfTGL.exe, 00000000.00000002.2032359148.000001582EFCE000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://ns.microsoft.t/RegimSLEwIfTGL.exe, 00000000.00000003.1852899928.0000015830C51000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.2031707337.0000015830C60000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.2031677658.0000015830C60000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.2031796016.0000015830C64000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=mSLEwIfTGL.exe, 00000000.00000003.1854232533.0000015831A46000.00000004.00000020.00020000.00000000.sdmp, mSLEwIfTGL.exe, 00000000.00000003.1854551100.0000015831A46000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94mSLEwIfTGL.exe, 00000000.00000003.1878151731.000001582EFFE000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              176.124.204.206
                              		unknownRussian Federation
                              		59652GULFSTREAMUAtrue
                              172.67.74.152
                              		api.ipify.orgUnited States
                              		13335CLOUDFLARENETUSfalse

                              General Information

                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1520463
                              Start date and time:2024-09-27 11:23:48 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 4m 15s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:4
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:mSLEwIfTGL.exe
                              renamed because original name is a hash value
                              Original Sample Name:bce5589932044903237879f0e9e4840e.exe
                              Detection:MAL
                              Classification:mal96.troj.spyw.winEXE@1/0@1/2
                              EGA Information:
                              • Successful, ratio: 100%
                              HCA Information:
                              • Successful, ratio: 96%
                              • Number of executed functions: 93
                              • Number of non-executed functions: 92
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Stop behavior analysis, all processes terminated

                              Warnings

                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Report size exceeded maximum capacity and may have missing network information.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • VT rate limit hit for: mSLEwIfTGL.exe

                              Simulations

                              Behavior and APIs

                              No simulations

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              172.67.74.152file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousUnknownBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousLummaC, VidarBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousLummaC, VidarBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousLummaC, VidarBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousLummaC, VidarBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousLummaC, VidarBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousLummaC, VidarBrowse
                              • api.ipify.org/
                              file.exeGet hashmaliciousUnknownBrowse
                              • api.ipify.org/

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              api.ipify.orgRTGS-WB-ABS-240730-NEW.lnkGet hashmaliciousAgentTeslaBrowse
                              • 172.67.74.152
                              Purchase order.exeGet hashmaliciousAgentTeslaBrowse
                              • 172.67.74.152
                              https://mzansibonds.com/dshk/tmpasdfghjklkjhgfdewertyuioiuytresdxcvbnmnbvfcdsew345678987654rewsdfvgbhnjhbgvfdesw23e45678uijdhgfcsvzbdncqasdcxw.phpGet hashmaliciousHTMLPhisherBrowse
                              • 104.26.13.205
                              http://correctingservicesalakks.pages.dev/Get hashmaliciousUnknownBrowse
                              • 104.26.12.205
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                              • 104.26.12.205
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                              • 104.26.12.205
                              https://lothanse-heracklarne.pages.dev/help/contact/547074160798771Get hashmaliciousHTMLPhisherBrowse
                              • 104.26.13.205
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                              • 172.67.74.152
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, Stealc, VidarBrowse
                              • 104.26.13.205
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                              • 104.26.13.205

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              GULFSTREAMUAhttps://darlin.com.au/Get hashmaliciousUnknownBrowse
                              • 176.124.222.157
                              LisectAVT_2403002A_415.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 176.124.220.79
                              qObijSd3Uj.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 176.124.220.79
                              zqixOh6Ktr.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                              • 176.124.192.196
                              FaOty5cPp0.elfGet hashmaliciousUnknownBrowse
                              • 176.124.192.196
                              Xzia5WAjUb.elfGet hashmaliciousUnknownBrowse
                              • 176.124.192.196
                              a7GTGrV0u5.elfGet hashmaliciousUnknownBrowse
                              • 176.124.192.196
                              Jy730hXzc6.elfGet hashmaliciousUnknownBrowse
                              • 176.124.192.196
                              uWnjyWVnz5.elfGet hashmaliciousUnknownBrowse
                              • 176.124.192.196
                              oEsBkfNz24.elfGet hashmaliciousUnknownBrowse
                              • 176.124.192.196
                              CLOUDFLARENETUSkewyIO69TI.exeGet hashmaliciousLummaCBrowse
                              • 104.21.58.182
                              bfINGx7hvL.exeGet hashmaliciousLummaCBrowse
                              • 188.114.97.3
                              gZzI6gTYn4.exeGet hashmaliciousLummaCBrowse
                              • 188.114.96.3
                              9q24V7OSys.exeGet hashmaliciousFormBookBrowse
                              • 104.21.69.238
                              GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              • 188.114.97.3
                              U6b3tLFqN5.exeGet hashmaliciousLummaCBrowse
                              • 188.114.96.3
                              GEsD6lobvy.htaGet hashmaliciousCobalt Strike, Snake KeyloggerBrowse
                              • 188.114.97.3
                              GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              • 188.114.96.3
                              FACTORY NEW PURCHASE ORDER.docGet hashmaliciousUnknownBrowse
                              • 162.159.130.233
                              https://strato.de-sys.online/HJd9cn-2tRRO-rDZDs-D6p99-HbdYU-wK4oY-FICwzl/index.htmlGet hashmaliciousHTMLPhisherBrowse
                              • 104.18.94.41

                              JA3 Fingerprints

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              37f463bf4616ecd445d4a1937da06e19#docs_8299010377388200191-pdf.jsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              • 172.67.74.152
                              175-33-26-24.HTA.htaGet hashmaliciousUnknownBrowse
                              • 172.67.74.152
                              zlsXub68El.exeGet hashmaliciousVidarBrowse
                              • 172.67.74.152
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                              • 172.67.74.152
                              SecuriteInfo.com.Adware.DownwareNET.4.15389.24193.exeGet hashmaliciousUnknownBrowse
                              • 172.67.74.152
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                              • 172.67.74.152
                              SecuriteInfo.com.Adware.DownwareNET.4.15389.24193.exeGet hashmaliciousUnknownBrowse
                              • 172.67.74.152
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                              • 172.67.74.152
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, Stealc, VidarBrowse
                              • 172.67.74.152
                              file.exeGet hashmaliciousLummaC, RDPWrap Tool, LummaC Stealer, VidarBrowse
                              • 172.67.74.152

                              Dropped Files

                              No context

                              Created / dropped Files

                              No created / dropped files found

                              Static File Info

                              General

                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                              Entropy (8bit):6.389131086793418
                              TrID:
                              • Win64 Executable GUI (202006/5) 92.65%
                              • Win64 Executable (generic) (12005/4) 5.51%
                              • Generic Win/DOS Executable (2004/3) 0.92%
                              • DOS Executable Generic (2002/1) 0.92%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:mSLEwIfTGL.exe
                              File size:1'117'696 bytes
                              MD5:bce5589932044903237879f0e9e4840e
                              SHA1:2df044c89198fde64eb0b5a7c8182addf3486a2b
                              SHA256:1c123f8cd194d826aaa48e97fa67b9db9faa1a5a1ada139f367d56904f6e0c04
                              SHA512:51b487e2cca437e77bd45a19fee976e04ab3e64f5723c946757566d77961e3420a779d2c55af1b607a5c8930370288dadaa6862f00645bddf5c8a7c75bc47de3
                              SSDEEP:24576:qBZ3miL8zJa5e9AISUzOL9A5qU7wQmzXrbv4nlxlGYGeIVuj:I3miL8Me9AISUzCDIwQ0X4g5eIVu
                              TLSH:5E354A15195D02EDD5BE817C8E5A9A13F63638460371A7EB16D187523FA3BE0AF3E320
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:%~.~D.R~D.R~D.R.6.S.D.R.6.S.D.R.:.S!D.R.:.SoD.R.:.SvD.R.6.S.D.R.6.SrD.R.6.ShD.R~D.RgE.R.6.ScD.Rj;.SqD.Rj;.R.D.Rj;.S.D.RRich~D.

                              File Icon

                              Icon Hash:90cececece8e8eb0

                              Static PE Info

                              General

                              Entrypoint:0x1400b5d64
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x140000000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                              Time Stamp:0x66F562DB [Thu Sep 26 13:34:19 2024 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:6
                              OS Version Minor:0
                              File Version Major:6
                              File Version Minor:0
                              Subsystem Version Major:6
                              Subsystem Version Minor:0
                              Import Hash:2c34752585cf27cdff9273031768b19e

                              Entrypoint Preview

                              Instruction
                              dec eax
                              sub esp, 28h
                              call 00007F1420DF8F50h
                              dec eax
                              add esp, 28h
                              jmp 00007F1420DF880Fh
                              int3
                              int3
                              and dword ptr [000551E1h], 00000000h
                              ret
                              dec eax
                              mov dword ptr [esp+08h], ebx
                              push ebp
                              dec eax
                              lea ebp, dword ptr [esp-000004C0h]
                              dec eax
                              sub esp, 000005C0h
                              mov ebx, ecx
                              mov ecx, 00000017h
                              call dword ptr [0002250Eh]
                              test eax, eax
                              je 00007F1420DF8996h
                              mov ecx, ebx
                              int 29h
                              mov ecx, 00000003h
                              call 00007F1420DF8959h
                              xor edx, edx
                              dec eax
                              lea ecx, dword ptr [ebp-10h]
                              inc ecx
                              mov eax, 000004D0h
                              call 00007F1420DFA7C0h
                              dec eax
                              lea ecx, dword ptr [ebp-10h]
                              call dword ptr [000224B1h]
                              dec eax
                              mov ebx, dword ptr [ebp+000000E8h]
                              dec eax
                              lea edx, dword ptr [ebp+000004D8h]
                              dec eax
                              mov ecx, ebx
                              inc ebp
                              xor eax, eax
                              call dword ptr [0002249Fh]
                              dec eax
                              test eax, eax
                              je 00007F1420DF89CEh
                              dec eax
                              and dword ptr [esp+38h], 00000000h
                              dec eax
                              lea ecx, dword ptr [ebp+000004E0h]
                              dec eax
                              mov edx, dword ptr [ebp+000004D8h]
                              dec esp
                              mov ecx, eax
                              dec eax
                              mov dword ptr [esp+30h], ecx
                              dec esp
                              mov eax, ebx
                              dec eax
                              lea ecx, dword ptr [ebp+000004E8h]
                              dec eax
                              mov dword ptr [esp+28h], ecx
                              dec eax
                              lea ecx, dword ptr [ebp-10h]
                              dec eax
                              mov dword ptr [esp+20h], ecx
                              xor ecx, ecx
                              call dword ptr [00022466h]
                              dec eax

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0x101f280x12c.rdata
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x1150000x1e0.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x10d0000x6f90.pdata
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x1160000xd64.reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG0xeb6d00x38.rdata
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0xeb7800x28.rdata
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xeb5900x140.rdata
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0xd80000x728.rdata
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .text0x10000xd6ecc0xd7000f7f58667ed931baa011f0542823c202cFalse0.4291583393895349zlib compressed data6.324832116924724IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rdata0xd80000x2b6c80x2b800906e8db590a919e958e9afeb900d475aFalse0.47395272090517243data5.69481860969668IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data0x1040000x85a40x60005fbcdd9847679f1c63be9c85e41b833eFalse0.08390299479166667data4.559223452785583IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .pdata0x10d0000x6f900x70009f28ea92727e464a67682730ecd8aeb3False0.48489815848214285data6.043376095189614IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              _RDATA0x1140000x15c0x200b52e28908fd472740186bf885f303a5fFalse0.40625data3.345113144897087IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .rsrc0x1150000x1e00x200da9e8769aa702da1ca0713d6a0336d18False0.529296875data4.7122981932940915IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc0x1160000xd640xe0036456480ce7be1ea5f3ce9804abc508fFalse0.48046875data5.354911204937075IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_MANIFEST0x1150600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                              Imports

                              DLLImport
                              WS2_32.dllinet_pton, WSAStartup, send, socket, connect, recv, closesocket, htons, WSACleanup
                              CRYPT32.dllCryptUnprotectData
                              WININET.dllHttpQueryInfoW, InternetQueryDataAvailable, InternetReadFile, InternetCloseHandle, InternetOpenW, InternetOpenA, InternetOpenUrlA
                              ntdll.dllNtQuerySystemInformation, RtlInitUnicodeString, NtAllocateVirtualMemory, LdrEnumerateLoadedModules, RtlAcquirePebLock, RtlReleasePebLock, NtQueryObject
                              RstrtMgr.DLLRmGetList, RmStartSession, RmRegisterResources, RmEndSession
                              KERNEL32.dllCompareStringEx, LCMapStringEx, FindFirstFileW, FindNextFileW, FindClose, OpenProcess, CreateToolhelp32Snapshot, Process32NextW, LoadLibraryA, Process32FirstW, CloseHandle, GetSystemInfo, GetProcAddress, LocalFree, FreeLibrary, ExitProcess, MultiByteToWideChar, WideCharToMultiByte, TerminateProcess, GetModuleFileNameW, CreateMutexA, ReleaseMutex, OpenMutexA, ReadFile, GetModuleFileNameA, GetVolumeInformationW, SetHandleInformation, GetGeoInfoA, HeapFree, EnterCriticalSection, GetCurrentProcess, GetStdHandle, GetProcessId, LeaveCriticalSection, CreatePipe, SetFilePointer, InitializeCriticalSectionEx, FreeEnvironmentStringsW, GetModuleHandleA, HeapSize, GetLogicalDriveStringsW, GetFinalPathNameByHandleA, GetTimeZoneInformation, GetLastError, lstrcatW, HeapReAlloc, HeapAlloc, GetUserGeoID, DecodePointer, GetFileSize, DeleteCriticalSection, GetComputerNameW, GetProcessHeap, GlobalMemoryStatusEx, GetModuleHandleW, lstrcpyW, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, VirtualAlloc, VirtualProtect, VirtualQuery, GetFileSizeEx, SetFilePointerEx, GetCurrentThreadId, GetFileType, GetStartupInfoW, FlushFileBuffers, WriteFile, GetConsoleOutputCP, GetConsoleMode, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, LoadLibraryExW, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadConsoleW, RaiseException, SetStdHandle, IsValidCodePage, GetACP, SetEndOfFile, GetCPInfo, GetStringTypeW, CreateFileW, WriteConsoleW, OutputDebugStringW, SetEnvironmentVariableW, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, QueryPerformanceCounter, InitializeSListHead, RtlUnwindEx, RtlUnwind, RtlPcToFileHeader, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetNativeSystemInfo, GetFileInformationByHandleEx, GetEnvironmentStringsW, CreateProcessA, GetOEMCP, AreFileApisANSI, GetTempPathW, SetFileInformationByHandle, GetFileAttributesExW, GetFileAttributesW, FindFirstFileExW, GetCurrentDirectoryW, GetLocaleInfoEx, FormatMessageA
                              USER32.dllEnumDisplayDevicesW, GetDesktopWindow, GetWindowRect, ReleaseDC, GetSystemMetrics, GetDC
                              GDI32.dllCreateCompatibleBitmap, SelectObject, CreateCompatibleDC, BitBlt, DeleteDC, GetObjectW, DeleteObject, GetDeviceCaps
                              ADVAPI32.dllGetCurrentHwProfileW, RegCloseKey, RegGetValueA, RegQueryValueExA, OpenProcessToken, RegOpenKeyExA, GetUserNameW, RegEnumKeyExA, GetTokenInformation, CredEnumerateA, CredFree
                              SHELL32.dllSHGetKnownFolderPath, ShellExecuteW
                              ole32.dllCoInitializeSecurity, CoGetObject, CoTaskMemFree, CoUninitialize, CoCreateInstance, CoSetProxyBlanket, CoInitializeEx
                              OLEAUT32.dllSysAllocStringByteLen, SysFreeString, SysStringByteLen
                              SHLWAPI.dll
                              gdiplus.dllGdipSaveImageToStream, GdipGetImageEncodersSize, GdipFree, GdiplusStartup, GdiplusShutdown, GdipGetImageEncoders, GdipCloneImage, GdipAlloc, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipCreateBitmapFromScan0

                              Possible Origin

                              Language of compilation systemCountry where language is spokenMap
                              EnglishUnited States

                              Network Behavior

                              Suricata IDS Alerts

                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                              2024-09-27T11:25:03.608969+02002049441ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt1192.168.2.449730176.124.204.20615666TCP
                              2024-09-27T11:25:03.608969+02002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.449730176.124.204.20615666TCP
                              2024-09-27T11:25:03.608969+02002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.449730176.124.204.20615666TCP
                              2024-09-27T11:25:03.909389+02002049441ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt1192.168.2.449730176.124.204.20615666TCP
                              2024-09-27T11:25:03.909389+02002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.449730176.124.204.20615666TCP
                              2024-09-27T11:25:03.909389+02002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.449730176.124.204.20615666TCP
                              2024-09-27T11:25:03.979117+02002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.449730176.124.204.20615666TCP
                              2024-09-27T11:25:03.979117+02002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.449730176.124.204.20615666TCP

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Sep 27, 2024 11:24:57.382607937 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:24:57.387610912 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:24:57.387702942 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:24:57.457479954 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:57.457544088 CEST44349731172.67.74.152192.168.2.4
                              Sep 27, 2024 11:24:57.457609892 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:57.533023119 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:57.533076048 CEST44349731172.67.74.152192.168.2.4
                              Sep 27, 2024 11:24:57.995872021 CEST44349731172.67.74.152192.168.2.4
                              Sep 27, 2024 11:24:57.995939970 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:58.054265022 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:58.054291010 CEST44349731172.67.74.152192.168.2.4
                              Sep 27, 2024 11:24:58.054672956 CEST44349731172.67.74.152192.168.2.4
                              Sep 27, 2024 11:24:58.054738998 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:58.055905104 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:58.103398085 CEST44349731172.67.74.152192.168.2.4
                              Sep 27, 2024 11:24:58.160468102 CEST44349731172.67.74.152192.168.2.4
                              Sep 27, 2024 11:24:58.160536051 CEST44349731172.67.74.152192.168.2.4
                              Sep 27, 2024 11:24:58.160533905 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:58.160578012 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:58.170435905 CEST49731443192.168.2.4172.67.74.152
                              Sep 27, 2024 11:24:58.170461893 CEST44349731172.67.74.152192.168.2.4
                              Sep 27, 2024 11:25:03.608968973 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.909389019 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.978773117 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.978844881 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.978935957 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.978975058 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.979058027 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.979068995 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.979093075 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.979116917 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.979120970 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.979136944 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.979161978 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.979166031 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.979171991 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.979213953 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.979222059 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.979233027 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.979243994 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.979284048 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.985739946 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.985750914 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.985759974 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.985833883 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.986155987 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.986166000 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.986215115 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.986763000 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.986773014 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.986819029 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.986840963 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.986859083 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.986885071 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.986895084 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.986911058 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.986944914 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.990415096 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.990425110 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.990441084 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.990449905 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.990467072 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.990503073 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.990523100 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.990829945 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.990889072 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.990936041 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.990991116 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.991491079 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.991542101 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.991550922 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.991609097 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.991728067 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.991770029 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.991785049 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.991817951 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.995918989 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.995939016 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996012926 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996093035 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996170998 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996195078 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996203899 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996222019 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996229887 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996258974 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996263027 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996280909 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996296883 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996311903 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996335983 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996380091 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996388912 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996400118 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996429920 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996443033 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996447086 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996476889 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996479034 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996521950 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996526003 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996553898 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996562004 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996568918 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996602058 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996644020 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996654034 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996700048 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996701956 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996711969 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996737003 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996745110 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996757984 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996781111 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996787071 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996807098 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996841908 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996851921 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996860981 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996905088 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996907949 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996913910 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996948004 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996957064 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.996963024 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996985912 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.996993065 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.997020006 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.997044086 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:03.997072935 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:03.997117996 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.000636101 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.000648022 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.000677109 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.000684023 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.000703096 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.000730991 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.000731945 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.000741959 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.000787020 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002079010 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002089024 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002098083 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002101898 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002145052 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002146959 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002156019 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002166986 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002180099 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002190113 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002197027 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002233982 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002635002 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002644062 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002679110 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002688885 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002692938 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002723932 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002732992 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002733946 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002770901 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002779007 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002784967 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002788067 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002799034 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002810001 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002815962 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002825022 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002861977 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002887011 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.002950907 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002959013 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002968073 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002975941 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002984047 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.002993107 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003009081 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003015041 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.003016949 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003026009 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003036022 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003076077 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.003103018 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.003743887 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003796101 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.003865957 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003909111 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003911018 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.003917933 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003943920 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003951073 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.003963947 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.003988981 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.003993988 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004004955 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004010916 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004031897 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004040003 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004050016 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004069090 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004085064 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004093885 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004101992 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004129887 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004138947 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004143000 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004163027 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004199028 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004204035 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004209995 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004271030 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004280090 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004291058 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004339933 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004354000 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004363060 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004384995 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004393101 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004406929 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004424095 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004445076 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004452944 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004460096 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004475117 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004482985 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004486084 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004504919 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004515886 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004524946 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004534006 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004554987 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004569054 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004578114 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004590034 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004615068 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004623890 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004626036 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004653931 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004683018 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004705906 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004717112 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004725933 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004734039 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004767895 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004784107 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004786968 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004793882 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004829884 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004849911 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004857063 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004867077 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004903078 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004911900 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004916906 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004935026 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.004961967 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004981995 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.004990101 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.005018950 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.005027056 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.005032063 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.005050898 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.005073071 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.005568027 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.005614996 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.006695032 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006720066 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006752968 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.006756067 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006764889 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006769896 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.006794930 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.006814003 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.006824970 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006834030 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006879091 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.006886005 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006896019 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006906986 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006931067 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006942987 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.006968975 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.006982088 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006990910 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.006992102 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007021904 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007042885 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007437944 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007461071 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007486105 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007505894 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007512093 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007523060 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007531881 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007541895 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007555962 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007579088 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007587910 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007595062 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007621050 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007648945 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007648945 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007658958 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007689953 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007710934 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007714987 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007751942 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007760048 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007760048 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007788897 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007797003 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007807970 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007808924 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007857084 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007884026 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007893085 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007932901 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007942915 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007956028 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.007993937 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.007994890 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008004904 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008044004 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008055925 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008066893 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008081913 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008096933 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008104086 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008133888 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008136988 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008152962 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008177996 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008181095 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008187056 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008208036 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008217096 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008223057 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008243084 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008265972 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008280993 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008310080 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008311987 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008320093 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008337021 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008344889 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008349895 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008378029 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008399010 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008428097 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008436918 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008466959 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008474112 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008483887 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008486032 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008507967 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008510113 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008517027 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008528948 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008552074 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008563995 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008572102 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008573055 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008603096 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008620977 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008629084 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008666992 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008708954 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008718014 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008727074 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008743048 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008749008 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008750916 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008779049 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008793116 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008801937 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008805037 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008831024 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008831978 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008841991 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008865118 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008866072 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.008891106 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.008908987 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.009716988 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.009741068 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.009768009 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.009788036 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.009794950 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.009804964 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.009838104 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.009848118 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.009856939 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.009859085 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.009886026 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.009903908 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.009915113 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.009923935 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.009955883 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.009969950 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.009974957 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.009980917 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010010004 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010034084 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010056973 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010066032 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010106087 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010113955 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010154963 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010185957 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010195971 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010204077 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010211945 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010221004 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010226965 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010236979 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010246038 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010261059 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010263920 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010272980 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010277987 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010319948 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010328054 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010339022 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010370016 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010374069 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010384083 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010389090 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010418892 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010427952 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010427952 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010478973 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010512114 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010520935 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010560036 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010580063 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010588884 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010611057 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010620117 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010626078 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010647058 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010667086 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010677099 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010678053 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010706902 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010713100 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010724068 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010725975 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010768890 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010809898 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010821104 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010838032 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010845900 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010854959 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010868073 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010875940 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010890961 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010919094 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.010947943 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010988951 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.010997057 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.011001110 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.011030912 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.011039972 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.011049032 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.011056900 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.011089087 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.011090994 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.011101007 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.011141062 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.011141062 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.011151075 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.011197090 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.011419058 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.011457920 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.014740944 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.014877081 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.014885902 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.014909983 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.014911890 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.014976025 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.015053988 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.015110016 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.015171051 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.015233040 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.015250921 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.060357094 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.060664892 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.060755014 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.060822010 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.060878038 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.060950994 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.061017036 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.061088085 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.061148882 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.061186075 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.070406914 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.070631981 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.070903063 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.070969105 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.071017981 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.071079969 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.071134090 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.071193933 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.071245909 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.071310997 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.071332932 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.076734066 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.076756001 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.076766968 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.076797009 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.076828957 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077403069 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077419043 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077428102 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077438116 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077452898 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077456951 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077461958 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077471972 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077480078 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077490091 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077500105 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077508926 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077524900 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077533007 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077534914 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077541113 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077564955 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077574015 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077580929 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077584982 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077599049 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077610970 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077615976 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077642918 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077651024 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077652931 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077662945 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077672005 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077687025 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077694893 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077702999 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077711105 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077718019 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077734947 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077756882 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077765942 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077774048 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077774048 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077790022 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077799082 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077806950 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077814102 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077815056 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077824116 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077831984 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077841043 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077850103 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077852011 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077857971 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077867985 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077877045 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077892065 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077892065 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077900887 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077909946 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077919006 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077925920 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077933073 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077934027 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077945948 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077951908 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077975035 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077982903 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.077984095 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.077991962 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078001976 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078003883 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.078011036 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078020096 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078027964 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078042984 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078052044 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078058004 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.078058958 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078068972 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078078032 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078093052 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078102112 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078103065 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.078109980 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078119040 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078126907 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078135014 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078136921 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.078145981 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078155041 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078162909 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078171968 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078180075 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.078180075 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078197002 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.078211069 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.078243017 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079293013 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079303980 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079312086 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079336882 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079359055 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079368114 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079379082 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079401016 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079401970 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079411983 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079421997 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079422951 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079459906 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079468966 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079472065 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079478025 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079489946 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079492092 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079536915 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079571009 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079581022 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079588890 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079606056 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079613924 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079618931 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079622030 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079632044 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079634905 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079641104 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079649925 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079658031 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079667091 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079674959 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079683065 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079690933 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079700947 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079710007 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079713106 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079724073 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079734087 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079741001 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079750061 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079750061 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079757929 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079768896 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079777956 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079780102 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079786062 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079803944 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079812050 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079819918 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079828024 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079830885 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079838037 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079850912 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079860926 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079864979 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079869032 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079878092 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079899073 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079907894 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079911947 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079916000 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079926014 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079941988 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.079942942 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079952955 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.079974890 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080008984 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080559969 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080571890 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080610037 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080619097 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080621004 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080629110 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080637932 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080655098 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080661058 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080663919 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080673933 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080682039 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080688000 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080692053 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080739021 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080763102 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080815077 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080823898 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080832958 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080849886 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080857992 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080866098 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080867052 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080877066 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080884933 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080885887 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080895901 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080904961 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080919981 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080929041 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080936909 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080940962 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080941916 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.080944061 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080960989 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080970049 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.080972910 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081027985 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081049919 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081058979 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081068993 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081078053 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081085920 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081094027 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081099987 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081110001 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081119061 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081129074 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081130028 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081137896 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081146955 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081156015 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081171989 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081180096 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081264973 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081273079 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081289053 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081293106 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081304073 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081314087 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081322908 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081326962 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081331968 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081341028 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081341982 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081351042 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081358910 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081376076 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081382990 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081384897 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081393003 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081403017 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081409931 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081410885 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081419945 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081429005 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081438065 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081439018 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081446886 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081455946 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081465006 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081473112 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081480980 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081489086 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081499100 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081506968 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081515074 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081523895 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081526995 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081537008 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081547022 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081547976 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081556082 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081564903 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081569910 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081573963 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081583023 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081599951 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081603050 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081609011 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081618071 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081626892 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081634998 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081635952 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081644058 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081653118 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081667900 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081676006 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081685066 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081686974 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081692934 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081701994 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081712008 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081721067 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081721067 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081731081 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081739902 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081746101 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081748962 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081765890 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081767082 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081775904 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081784964 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081793070 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081800938 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081800938 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081810951 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081820011 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081828117 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081836939 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081845045 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081851959 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081852913 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081864119 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081878901 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081882954 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081892967 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081902981 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081911087 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081918001 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081919909 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081927061 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081938028 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081939936 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081948042 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081958055 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081962109 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.081965923 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081984043 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.081991911 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082000017 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082007885 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082007885 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.082016945 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082026958 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082036972 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082042933 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.082046032 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082056046 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082065105 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082079887 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.082081079 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082091093 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082099915 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082107067 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082113028 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.082115889 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082124949 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082134008 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082144976 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.082149029 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082159042 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082166910 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.082176924 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.082212925 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.128340006 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.128567934 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129175901 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129245996 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129297018 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129359007 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129409075 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129477024 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129524946 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129586935 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129633904 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129699945 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129754066 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129816055 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129869938 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.129949093 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.130000114 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.130062103 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.130096912 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.170455933 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.170943975 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.171014071 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.171071053 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.171129942 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.171153069 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.175895929 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.176134109 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.176199913 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.176237106 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.216434956 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.216520071 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.231337070 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.231515884 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.231590986 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.231638908 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.231689930 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.231726885 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.236540079 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.236679077 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.280419111 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.280488968 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.307693005 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.307908058 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.307979107 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.308029890 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.308084965 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.308124065 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.312808037 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.313008070 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.313076973 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.313126087 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.313184977 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.313214064 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.360445976 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.360625982 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.373512983 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.373625994 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.373828888 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.373900890 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.373956919 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.374010086 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.374058008 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.374109030 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.374154091 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.374216080 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.374267101 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.374325037 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.374371052 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.379040956 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.379211903 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.379285097 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.379322052 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.420394897 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.420527935 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434111118 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.434263945 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.434350967 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434475899 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434535980 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434587955 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434648037 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434694052 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434753895 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434798002 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434870958 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434921026 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434981108 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.434999943 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.439462900 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.439726114 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.439795971 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.439842939 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.439902067 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.439951897 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.440004110 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.440056086 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.440099001 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.480364084 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.480519056 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490056038 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.490272045 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490315914 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.490344048 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490394115 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490452051 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490494967 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490556002 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490602970 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490660906 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490706921 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490763903 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490811110 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490864038 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490906954 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490966082 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.490992069 CEST1566649730176.124.204.206192.168.2.4
                              Sep 27, 2024 11:25:04.491015911 CEST4973015666192.168.2.4176.124.204.206
                              Sep 27, 2024 11:25:04.491074085 CEST4973015666192.168.2.4176.124.204.206

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Sep 27, 2024 11:24:57.444138050 CEST192.168.2.41.1.1.10x1b55Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Sep 27, 2024 11:24:57.451389074 CEST1.1.1.1192.168.2.40x1b55No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                              Sep 27, 2024 11:24:57.451389074 CEST1.1.1.1192.168.2.40x1b55No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                              Sep 27, 2024 11:24:57.451389074 CEST1.1.1.1192.168.2.40x1b55No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false

                              HTTPS Proxied Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.449731172.67.74.1524432916C:\Users\user\Desktop\mSLEwIfTGL.exe
                              TimestampBytes transferredDirectionData
                              2024-09-27 09:24:58 UTC100OUTGET / HTTP/1.1
                              Accept: text/html; text/plain; */*
                              Host: api.ipify.org
                              Cache-Control: no-cache
                              2024-09-27 09:24:58 UTC211INHTTP/1.1 200 OK
                              Date: Fri, 27 Sep 2024 09:24:58 GMT
                              Content-Type: text/plain
                              Content-Length: 11
                              Connection: close
                              Vary: Origin
                              CF-Cache-Status: DYNAMIC
                              Server: cloudflare
                              CF-RAY: 8c9a71972c827cf3-EWR
                              2024-09-27 09:24:58 UTC11INData Raw: 38 2e 34 36 2e 31 32 33 2e 33 33
                              Data Ascii: 8.46.123.33


                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              System Behavior

                              General

                              Target ID:0
                              Start time:05:24:56
                              Start date:27/09/2024
                              Path:C:\Users\user\Desktop\mSLEwIfTGL.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Users\user\Desktop\mSLEwIfTGL.exe"
                              Imagebase:0x7ff76d5f0000
                              File size:1'117'696 bytes
                              MD5 hash:BCE5589932044903237879F0E9E4840E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Disassembly

                              Reset < >

                                Execution Graph

                                Execution Coverage:6.8%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:41.9%
                                Total number of Nodes:1681
                                Total number of Limit Nodes:58
                                execution_graph 69988 7ff76d682ace 69993 7ff76d683440 69988->69993 69994 7ff76d68345e 69993->69994 69995 7ff76d683491 69994->69995 70028 7ff76d65bc80 69994->70028 70011 7ff76d683d60 69995->70011 69998 7ff76d682ad6 70002 7ff76d6a5220 69998->70002 70000 7ff76d683d60 86 API calls 70001 7ff76d6834ca 70000->70001 70001->69998 70001->70000 70042 7ff76d637540 86 API calls 5 library calls 70001->70042 70003 7ff76d6a5229 70002->70003 70004 7ff76d682b0b 70003->70004 70005 7ff76d6a58a4 IsProcessorFeaturePresent 70003->70005 70006 7ff76d6a58bc 70005->70006 70140 7ff76d6a5a98 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 70006->70140 70008 7ff76d6a58cf 70141 7ff76d6a5870 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 70008->70141 70012 7ff76d683d83 70011->70012 70015 7ff76d683d7d 70011->70015 70014 7ff76d683d9a 70012->70014 70043 7ff76d642fd0 70012->70043 70013 7ff76d683e07 70013->70001 70014->70015 70017 7ff76d683e34 70014->70017 70015->70013 70016 7ff76d65bc80 86 API calls 70015->70016 70016->70013 70064 7ff76d61e870 86 API calls 70017->70064 70019 7ff76d683e76 70065 7ff76d6a8404 70019->70065 70021 7ff76d683e87 70025 7ff76d683eb5 70021->70025 70070 7ff76d637540 86 API calls 5 library calls 70021->70070 70023 7ff76d683f60 70023->70001 70024 7ff76d683d60 86 API calls 70024->70025 70025->70023 70025->70024 70071 7ff76d637540 86 API calls 5 library calls 70025->70071 70029 7ff76d65bcc8 70028->70029 70039 7ff76d65be1e 70028->70039 70030 7ff76d65bce4 70029->70030 70034 7ff76d65bd3a 70029->70034 70033 7ff76d65be24 70030->70033 70109 7ff76d6a54e0 70030->70109 70120 7ff76d61d390 86 API calls 2 library calls 70033->70120 70036 7ff76d6a54e0 std::_Facet_Register 86 API calls 70034->70036 70040 7ff76d65bcf8 _Strxfrm 70034->70040 70036->70040 70037 7ff76d65be2a 70038 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70038->70039 70119 7ff76d630670 86 API calls 70039->70119 70040->70038 70041 7ff76d65bde1 ISource 70040->70041 70041->69995 70042->70001 70044 7ff76d64300d 70043->70044 70046 7ff76d643081 70044->70046 70047 7ff76d6430a3 70044->70047 70051 7ff76d64301d ISource 70044->70051 70045 7ff76d6a5220 _Strcoll 8 API calls 70048 7ff76d64324f 70045->70048 70072 7ff76d687764 70046->70072 70050 7ff76d687764 83 API calls 70047->70050 70048->70014 70053 7ff76d6430d1 _Strxfrm 70050->70053 70051->70045 70052 7ff76d6431f1 70052->70051 70055 7ff76d6432d7 70052->70055 70053->70052 70060 7ff76d687764 83 API calls 70053->70060 70062 7ff76d643287 70053->70062 70098 7ff76d637540 86 API calls 5 library calls 70053->70098 70093 7ff76d688d28 70055->70093 70060->70053 70062->70052 70099 7ff76d688244 83 API calls 3 library calls 70062->70099 70064->70019 70066 7ff76d6a8440 RtlPcToFileHeader 70065->70066 70067 7ff76d6a8423 70065->70067 70068 7ff76d6a8467 RaiseException 70066->70068 70069 7ff76d6a8458 70066->70069 70067->70066 70068->70021 70069->70068 70070->70025 70071->70025 70073 7ff76d68779e 70072->70073 70074 7ff76d687780 70072->70074 70100 7ff76d687a4c EnterCriticalSection 70073->70100 70101 7ff76d68d1cc 11 API calls _get_daylight 70074->70101 70077 7ff76d687785 70102 7ff76d688d08 83 API calls _invalid_parameter_noinfo 70077->70102 70084 7ff76d687790 70084->70051 70103 7ff76d688b9c 83 API calls 2 library calls 70093->70103 70095 7ff76d688d41 70104 7ff76d688d58 IsProcessorFeaturePresent 70095->70104 70098->70053 70099->70062 70101->70077 70102->70084 70103->70095 70105 7ff76d688d6b 70104->70105 70108 7ff76d688a38 14 API calls 3 library calls 70105->70108 70107 7ff76d688d86 GetCurrentProcess TerminateProcess 70108->70107 70113 7ff76d6a54eb 70109->70113 70111 7ff76d6a5504 70111->70040 70113->70111 70114 7ff76d6a550a 70113->70114 70121 7ff76d6a07a0 70113->70121 70124 7ff76d690aa4 70113->70124 70115 7ff76d6a5515 70114->70115 70131 7ff76d6a62fc RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 70114->70131 70132 7ff76d61d390 86 API calls 2 library calls 70115->70132 70118 7ff76d6a551b 70119->70033 70120->70037 70133 7ff76d6a07dc 70121->70133 70129 7ff76d696df4 wcsftime 70124->70129 70125 7ff76d696e3f 70139 7ff76d68d1cc 11 API calls _get_daylight 70125->70139 70127 7ff76d696e26 HeapAlloc 70128 7ff76d696e3d 70127->70128 70127->70129 70128->70113 70129->70125 70129->70127 70130 7ff76d6a07a0 std::_Facet_Register 2 API calls 70129->70130 70130->70129 70131->70115 70132->70118 70138 7ff76d6935ac EnterCriticalSection 70133->70138 70139->70128 70140->70008 70142 7ff76d667e8a 70143 7ff76d667ea5 70142->70143 70220 7ff76d66c1c0 70143->70220 70146 7ff76d667fce 70237 7ff76d654e60 70146->70237 70147 7ff76d667ee9 70917 7ff76d66c2b0 87 API calls Concurrency::cancel_current_task 70147->70917 70151 7ff76d668095 OpenMutexA 70153 7ff76d6680da ExitProcess 70151->70153 70154 7ff76d6680e6 CreateMutexExA 70151->70154 70152 7ff76d668090 ISource 70152->70151 70158 7ff76d66811f 70154->70158 70155 7ff76d66825d 70160 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70155->70160 70156 7ff76d667f22 70157 7ff76d667fc5 ExitProcess 70156->70157 70918 7ff76d65f820 100 API calls 4 library calls 70156->70918 70241 7ff76d673030 70158->70241 70161 7ff76d668262 70160->70161 70164 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70161->70164 70168 7ff76d668268 70164->70168 70165 7ff76d668128 ExitProcess 70166 7ff76d668134 70275 7ff76d67ba60 70166->70275 70167 7ff76d667f50 70187 7ff76d667fb7 70167->70187 70919 7ff76d6352c0 126 API calls Concurrency::cancel_current_task 70167->70919 70172 7ff76d667f75 70920 7ff76d631300 RtlPcToFileHeader RaiseException 70172->70920 70176 7ff76d667f85 70921 7ff76d661e50 86 API calls _Strcoll 70176->70921 70182 7ff76d667f95 70922 7ff76d631990 70182->70922 70187->70157 70221 7ff76d66c1d6 70220->70221 70236 7ff76d66c28a 70220->70236 71053 7ff76d665850 70221->71053 70224 7ff76d66c1e8 70227 7ff76d66c239 70224->70227 70232 7ff76d667edf 70224->70232 71093 7ff76d663410 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 70224->71093 70225 7ff76d66c29c 70226 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 70225->70226 70228 7ff76d66c2ad 70226->70228 71094 7ff76d634440 86 API calls 4 library calls 70227->71094 70231 7ff76d66c256 71095 7ff76d6631c0 84 API calls 2 library calls 70231->71095 70232->70146 70232->70147 70234 7ff76d66c279 70235 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 70234->70235 70235->70236 71096 7ff76d663240 84 API calls 2 library calls 70236->71096 70238 7ff76d654e82 70237->70238 70238->70238 71118 7ff76d6565c0 70238->71118 70240 7ff76d654e96 70240->70151 70240->70152 70240->70155 71124 7ff76d679080 GetUserGeoID GetGeoInfoA 70241->71124 70245 7ff76d673086 71138 7ff76d630ac0 70245->71138 70247 7ff76d6730cb 70248 7ff76d630ac0 86 API calls 70247->70248 70249 7ff76d673106 70248->70249 70250 7ff76d673130 WSAStartup 70249->70250 70251 7ff76d67314a socket 70250->70251 70272 7ff76d6731df ISource 70250->70272 70252 7ff76d6731d9 WSACleanup 70251->70252 70253 7ff76d67316a htons inet_pton connect 70251->70253 70252->70272 70254 7ff76d6731cc closesocket 70253->70254 70255 7ff76d673251 70253->70255 70254->70252 71154 7ff76d671dd0 SHGetKnownFolderPath 70255->71154 70256 7ff76d673217 ISource 70258 7ff76d6a5220 _Strcoll 8 API calls 70256->70258 70261 7ff76d668124 70258->70261 70260 7ff76d673350 70263 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70260->70263 70261->70165 70261->70166 70265 7ff76d673356 70263->70265 70264 7ff76d673274 ISource 70264->70265 70266 7ff76d671dd0 88 API calls 70264->70266 70267 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70265->70267 70268 7ff76d6732db 70266->70268 70269 7ff76d67335c 70267->70269 70270 7ff76d6317b0 83 API calls 70268->70270 70271 7ff76d6732f1 70270->70271 70271->70272 70273 7ff76d67334b 70271->70273 70272->70256 70272->70260 70274 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70273->70274 70274->70260 71289 7ff76d679ef0 70275->71289 70285 7ff76d67bae3 71335 7ff76d6798d0 70285->71335 70287 7ff76d67bafd 70288 7ff76d6442c0 86 API calls 70287->70288 70289 7ff76d67bb2a 70288->70289 70290 7ff76d630ac0 86 API calls 70289->70290 70291 7ff76d67bb83 70290->70291 70292 7ff76d630ac0 86 API calls 70291->70292 70293 7ff76d67bbd3 70292->70293 70294 7ff76d6442c0 86 API calls 70293->70294 70295 7ff76d67bc35 70294->70295 70296 7ff76d630ac0 86 API calls 70295->70296 70297 7ff76d67bc93 70296->70297 70298 7ff76d630ac0 86 API calls 70297->70298 70299 7ff76d67bce3 70298->70299 70300 7ff76d6442c0 86 API calls 70299->70300 70301 7ff76d67bd4b 70300->70301 70302 7ff76d630ac0 86 API calls 70301->70302 70303 7ff76d67bda9 70302->70303 70304 7ff76d630ac0 86 API calls 70303->70304 70305 7ff76d67bdf9 70304->70305 70306 7ff76d6442c0 86 API calls 70305->70306 70307 7ff76d67be4e 70306->70307 70308 7ff76d630ac0 86 API calls 70307->70308 70309 7ff76d67be95 70308->70309 70310 7ff76d630ac0 86 API calls 70309->70310 70311 7ff76d67bed1 70310->70311 70312 7ff76d67befb GlobalMemoryStatusEx 70311->70312 70313 7ff76d67bf2b 70312->70313 70314 7ff76d630ac0 86 API calls 70313->70314 70315 7ff76d67bfd6 70314->70315 70316 7ff76d630ac0 86 API calls 70315->70316 70317 7ff76d67c026 70316->70317 70318 7ff76d6442c0 86 API calls 70317->70318 70319 7ff76d67c07c 70318->70319 70320 7ff76d630ac0 86 API calls 70319->70320 70321 7ff76d67c0d8 70320->70321 70322 7ff76d630ac0 86 API calls 70321->70322 70323 7ff76d67c12a 70322->70323 70324 7ff76d6442c0 86 API calls 70323->70324 70325 7ff76d67c17c 70324->70325 70326 7ff76d630ac0 86 API calls 70325->70326 70327 7ff76d67c1db 70326->70327 70328 7ff76d630ac0 86 API calls 70327->70328 70329 7ff76d67c2aa 70328->70329 71342 7ff76d679310 12 API calls 70329->71342 70335 7ff76d67c326 70336 7ff76d630ac0 86 API calls 70335->70336 70337 7ff76d67c37d 70336->70337 70338 7ff76d630ac0 86 API calls 70337->70338 70339 7ff76d67c43a ISource 70338->70339 70341 7ff76d67d3b8 70339->70341 70434 7ff76d67d3b2 70339->70434 71390 7ff76d679140 GetDesktopWindow GetWindowRect 70339->71390 70345 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70341->70345 70343 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70343->70341 70344 7ff76d634380 86 API calls 70346 7ff76d67c540 70344->70346 70347 7ff76d67d3be 70345->70347 70350 7ff76d630ac0 86 API calls 70346->70350 70348 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70347->70348 70349 7ff76d67d3c4 70348->70349 70351 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70349->70351 70353 7ff76d67c599 70350->70353 70352 7ff76d67d3ca 70351->70352 70354 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70352->70354 70355 7ff76d630ac0 86 API calls 70353->70355 70356 7ff76d67d3d0 70354->70356 70359 7ff76d67c6ca ISource 70355->70359 70357 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70356->70357 70358 7ff76d67d3d6 70357->70358 70361 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70358->70361 70359->70347 71404 7ff76d68f67c GetSystemTimeAsFileTime 70359->71404 70363 7ff76d67d3dc 70361->70363 70362 7ff76d67c762 71406 7ff76d690a88 70362->71406 70364 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70363->70364 70366 7ff76d67d3e2 70364->70366 70367 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70366->70367 70368 7ff76d67d3e8 70367->70368 70370 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70368->70370 70369 7ff76d67c794 70371 7ff76d634380 86 API calls 70369->70371 70372 7ff76d67d3ee 70370->70372 70373 7ff76d67c7f1 70371->70373 70374 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70372->70374 70376 7ff76d630ac0 86 API calls 70373->70376 70375 7ff76d67d3f4 70374->70375 70378 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70375->70378 70377 7ff76d67c84a 70376->70377 70380 7ff76d630ac0 86 API calls 70377->70380 70379 7ff76d67d3fa 70378->70379 70381 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70379->70381 70385 7ff76d67c89a ISource memcpy_s 70380->70385 70382 7ff76d67d400 70381->70382 70383 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70382->70383 70384 7ff76d67d406 70383->70384 70386 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70384->70386 70385->70349 70387 7ff76d67c942 GetModuleFileNameA 70385->70387 70388 7ff76d67d40c 70386->70388 70389 7ff76d67c970 70387->70389 70390 7ff76d6340b0 86 API calls 70389->70390 70391 7ff76d67c9b1 70390->70391 70392 7ff76d634380 86 API calls 70391->70392 70393 7ff76d67c9ce 70392->70393 70394 7ff76d630ac0 86 API calls 70393->70394 70395 7ff76d67ca27 70394->70395 70396 7ff76d630ac0 86 API calls 70395->70396 70397 7ff76d67caea ISource 70396->70397 70397->70352 70397->70356 71409 7ff76d67adb0 70397->71409 70434->70343 70917->70156 70918->70167 70919->70172 70920->70176 70921->70182 70923 7ff76d6319a3 70922->70923 70924 7ff76d6319c7 ISource 70922->70924 70923->70924 70925 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 70923->70925 70924->70187 70926 7ff76d6319ed 70925->70926 71054 7ff76d6658a4 _Strcoll 71053->71054 71056 7ff76d665f25 71054->71056 71082 7ff76d665bba ISource 71054->71082 71097 7ff76d662110 71054->71097 71061 7ff76d654e60 87 API calls 71056->71061 71057 7ff76d6659a7 71112 7ff76d66ae60 86 API calls 4 library calls 71057->71112 71058 7ff76d6a5220 _Strcoll 8 API calls 71060 7ff76d665bce 71058->71060 71060->70224 71062 7ff76d665f4a 71061->71062 71113 7ff76d6631c0 84 API calls 2 library calls 71062->71113 71064 7ff76d665f57 71066 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 71064->71066 71065 7ff76d665f67 71071 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71065->71071 71066->71065 71067 7ff76d665f6d 71068 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71067->71068 71070 7ff76d665f73 71068->71070 71069 7ff76d6659ba ISource _Strcoll 71069->71065 71069->71067 71074 7ff76d665b13 71069->71074 71081 7ff76d665c0d ISource 71069->71081 71114 7ff76d61d450 86 API calls 71070->71114 71071->71067 71073 7ff76d665f79 71115 7ff76d61d390 86 API calls 2 library calls 71073->71115 71074->71070 71076 7ff76d665cda 71074->71076 71077 7ff76d665d06 71074->71077 71092 7ff76d665cef ISource _Strcoll _Strxfrm 71074->71092 71076->71073 71080 7ff76d6a54e0 std::_Facet_Register 86 API calls 71076->71080 71079 7ff76d6a54e0 std::_Facet_Register 86 API calls 71077->71079 71077->71092 71078 7ff76d665f7f 71083 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71078->71083 71079->71092 71080->71092 71081->71082 71084 7ff76d665f85 71081->71084 71081->71092 71082->71058 71083->71084 71086 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71084->71086 71085 7ff76d665f11 71087 7ff76d631990 83 API calls 71085->71087 71089 7ff76d665f8b 71086->71089 71090 7ff76d665f1b 71087->71090 71088 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71088->71085 71091 7ff76d631990 83 API calls 71090->71091 71091->71056 71092->71078 71092->71084 71092->71085 71092->71088 71094->70231 71095->70234 71096->70225 71098 7ff76d662148 71097->71098 71111 7ff76d66220e 71097->71111 71099 7ff76d662156 memcpy_s 71098->71099 71102 7ff76d6621ad 71098->71102 71105 7ff76d6621d1 71098->71105 71099->71057 71101 7ff76d662214 71117 7ff76d61d390 86 API calls 2 library calls 71101->71117 71102->71101 71106 7ff76d6a54e0 std::_Facet_Register 86 API calls 71102->71106 71104 7ff76d6621c3 memcpy_s 71104->71057 71105->71104 71108 7ff76d6a54e0 std::_Facet_Register 86 API calls 71105->71108 71109 7ff76d6621be 71106->71109 71107 7ff76d66221a 71108->71104 71109->71104 71110 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71109->71110 71110->71111 71116 7ff76d61d450 86 API calls 71111->71116 71112->71069 71113->71064 71115->71078 71117->71107 71119 7ff76d656685 71118->71119 71122 7ff76d6565f0 _Strxfrm 71118->71122 71123 7ff76d65a790 87 API calls 5 library calls 71119->71123 71121 7ff76d65669a 71121->70240 71122->70240 71123->71121 71172 7ff76d6318d0 71124->71172 71126 7ff76d6790f1 GetGeoInfoA 71128 7ff76d6318d0 86 API calls 71126->71128 71129 7ff76d673063 71128->71129 71130 7ff76d6442c0 71129->71130 71131 7ff76d6442f3 71130->71131 71132 7ff76d6a54e0 std::_Facet_Register 86 API calls 71131->71132 71133 7ff76d644308 71132->71133 71195 7ff76d631a80 71133->71195 71135 7ff76d644325 71136 7ff76d6a5220 _Strcoll 8 API calls 71135->71136 71137 7ff76d64433e 71136->71137 71137->70245 71139 7ff76d630af7 71138->71139 71140 7ff76d630aff 71138->71140 71222 7ff76d6367a0 86 API calls 2 library calls 71139->71222 71146 7ff76d630b99 71140->71146 71212 7ff76d636660 71140->71212 71143 7ff76d630b1d 71144 7ff76d630b50 ISource 71143->71144 71149 7ff76d630b94 71143->71149 71145 7ff76d6a5220 _Strcoll 8 API calls 71144->71145 71147 7ff76d630b7f 71145->71147 71223 7ff76d6363e0 71146->71223 71147->70247 71150 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71149->71150 71150->71146 71152 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 71153 7ff76d630bda 71152->71153 71155 7ff76d671e37 71154->71155 71156 7ff76d671ee5 CoTaskMemFree 71154->71156 71271 7ff76d626990 71155->71271 71157 7ff76d6a5220 _Strcoll 8 API calls 71156->71157 71158 7ff76d671f00 71157->71158 71167 7ff76d6317b0 71158->71167 71160 7ff76d671e69 71161 7ff76d6317b0 83 API calls 71160->71161 71162 7ff76d671e8d 71161->71162 71163 7ff76d671ecd ISource 71162->71163 71164 7ff76d671f12 71162->71164 71163->71156 71165 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71164->71165 71166 7ff76d671f17 71165->71166 71168 7ff76d6317f8 ISource 71167->71168 71169 7ff76d6317c5 71167->71169 71168->70264 71169->71168 71170 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71169->71170 71171 7ff76d631841 71170->71171 71173 7ff76d6318fb 71172->71173 71174 7ff76d6318e5 71172->71174 71177 7ff76d631915 memcpy_s 71173->71177 71178 7ff76d6376b0 71173->71178 71174->71126 71176 7ff76d631961 71176->71126 71177->71126 71179 7ff76d6376de 71178->71179 71180 7ff76d637842 71178->71180 71183 7ff76d637748 71179->71183 71184 7ff76d637774 71179->71184 71193 7ff76d61d450 86 API calls 71180->71193 71182 7ff76d637847 71194 7ff76d61d390 86 API calls 2 library calls 71182->71194 71183->71182 71185 7ff76d637755 71183->71185 71187 7ff76d6a54e0 std::_Facet_Register 86 API calls 71184->71187 71190 7ff76d63775d memcpy_s _Strxfrm 71184->71190 71186 7ff76d6a54e0 std::_Facet_Register 86 API calls 71185->71186 71186->71190 71187->71190 71189 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71191 7ff76d637853 71189->71191 71190->71189 71192 7ff76d6377f1 ISource memcpy_s _Strxfrm 71190->71192 71192->71176 71194->71190 71197 7ff76d631aae 71195->71197 71196 7ff76d631b85 71210 7ff76d61d450 86 API calls 71196->71210 71197->71196 71198 7ff76d631ad2 71197->71198 71201 7ff76d631b4b 71197->71201 71202 7ff76d631b24 71197->71202 71198->71135 71200 7ff76d631b8b 71211 7ff76d61d390 86 API calls 2 library calls 71200->71211 71204 7ff76d631b3d _Strxfrm 71201->71204 71207 7ff76d6a54e0 std::_Facet_Register 86 API calls 71201->71207 71202->71200 71205 7ff76d6a54e0 std::_Facet_Register 86 API calls 71202->71205 71204->71135 71208 7ff76d631b35 71205->71208 71206 7ff76d631b91 71207->71204 71208->71204 71209 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71208->71209 71209->71196 71211->71206 71213 7ff76d636686 71212->71213 71214 7ff76d6366cc 71213->71214 71215 7ff76d636791 71213->71215 71221 7ff76d63673d 71213->71221 71217 7ff76d6a54e0 std::_Facet_Register 86 API calls 71214->71217 71251 7ff76d61d470 86 API calls 71215->71251 71219 7ff76d6366e8 71217->71219 71241 7ff76d632620 71219->71241 71221->71143 71222->71140 71224 7ff76d636437 71223->71224 71253 7ff76d6204b0 71224->71253 71226 7ff76d636473 ISource 71227 7ff76d636647 71226->71227 71228 7ff76d63664d 71226->71228 71231 7ff76d636653 71226->71231 71263 7ff76d6a7164 71226->71263 71229 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71227->71229 71232 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71228->71232 71229->71228 71235 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71231->71235 71232->71231 71233 7ff76d6365c2 71234 7ff76d63660f ISource 71233->71234 71238 7ff76d636642 71233->71238 71237 7ff76d6a5220 _Strcoll 8 API calls 71234->71237 71236 7ff76d636659 71235->71236 71239 7ff76d630bc9 71237->71239 71240 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71238->71240 71239->71152 71240->71227 71242 7ff76d632776 71241->71242 71243 7ff76d632653 71241->71243 71242->71243 71244 7ff76d632783 71242->71244 71245 7ff76d6a5220 _Strcoll 8 API calls 71243->71245 71252 7ff76d636f90 86 API calls 4 library calls 71244->71252 71246 7ff76d632682 71245->71246 71246->71221 71248 7ff76d6327a4 71249 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 71248->71249 71250 7ff76d6327b5 71249->71250 71252->71248 71254 7ff76d6204eb 71253->71254 71257 7ff76d620620 71254->71257 71269 7ff76d637540 86 API calls 5 library calls 71254->71269 71256 7ff76d6206c3 ISource 71258 7ff76d6a5220 _Strcoll 8 API calls 71256->71258 71257->71256 71260 7ff76d6206fc 71257->71260 71259 7ff76d6206e8 71258->71259 71259->71226 71261 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71260->71261 71262 7ff76d620701 ISource __std_exception_destroy 71261->71262 71262->71226 71264 7ff76d6a71ba __std_exception_destroy 71263->71264 71265 7ff76d6a7185 71263->71265 71264->71233 71265->71264 71266 7ff76d690aa4 _Yarn 12 API calls 71265->71266 71267 7ff76d6a71a3 71266->71267 71267->71264 71270 7ff76d68f6ec 83 API calls 2 library calls 71267->71270 71269->71257 71270->71264 71272 7ff76d626ab1 71271->71272 71278 7ff76d6269b6 71271->71278 71288 7ff76d61d450 86 API calls 71272->71288 71273 7ff76d6269c9 _Strxfrm 71273->71160 71275 7ff76d626a03 71277 7ff76d626aac 71275->71277 71281 7ff76d626a4a 71275->71281 71276 7ff76d626a52 71282 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71276->71282 71286 7ff76d626a57 _Strxfrm 71276->71286 71287 7ff76d61d390 86 API calls 2 library calls 71277->71287 71278->71273 71278->71275 71278->71277 71280 7ff76d626a65 71278->71280 71285 7ff76d6a54e0 std::_Facet_Register 86 API calls 71280->71285 71280->71286 71283 7ff76d6a54e0 std::_Facet_Register 86 API calls 71281->71283 71284 7ff76d626abd 71282->71284 71283->71276 71285->71286 71286->71160 71287->71272 71413 7ff76d6a7bf0 71289->71413 71291 7ff76d679f3c EnumDisplayDevicesW 71292 7ff76d679f53 71291->71292 71294 7ff76d679f60 71291->71294 71415 7ff76d661a40 88 API calls 3 library calls 71292->71415 71295 7ff76d6a5220 _Strcoll 8 API calls 71294->71295 71296 7ff76d679f92 71295->71296 71297 7ff76d679e20 RegGetValueA 71296->71297 71298 7ff76d679e9b 71297->71298 71299 7ff76d6a5220 _Strcoll 8 API calls 71298->71299 71300 7ff76d679edd 71299->71300 71301 7ff76d679fb0 71300->71301 71302 7ff76d67a034 ISource 71301->71302 71303 7ff76d67a36d 71302->71303 71416 7ff76d6adb70 GetNativeSystemInfo 71302->71416 71305 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71303->71305 71306 7ff76d67a373 71305->71306 71308 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71306->71308 71307 7ff76d67a118 71310 7ff76d6565c0 87 API calls 71307->71310 71309 7ff76d67a379 71308->71309 71311 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71309->71311 71315 7ff76d67a1ad ISource 71310->71315 71312 7ff76d67a37f 71311->71312 71313 7ff76d67a32b ISource 71314 7ff76d6a5220 _Strcoll 8 API calls 71313->71314 71316 7ff76d67a350 71314->71316 71315->71306 71315->71309 71315->71313 71317 7ff76d67a368 71315->71317 71319 7ff76d679a60 71316->71319 71318 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71317->71318 71318->71303 71417 7ff76d6a6060 71319->71417 71322 7ff76d679aaf 71419 7ff76d661a40 88 API calls 3 library calls 71322->71419 71324 7ff76d679abc 71325 7ff76d6a5220 _Strcoll 8 API calls 71324->71325 71326 7ff76d679aee 71325->71326 71327 7ff76d679b00 71326->71327 71328 7ff76d6a6060 _Strcoll 71327->71328 71329 7ff76d679b10 GetComputerNameW 71328->71329 71330 7ff76d679b5c 71329->71330 71331 7ff76d679b4f 71329->71331 71333 7ff76d6a5220 _Strcoll 8 API calls 71330->71333 71420 7ff76d661a40 88 API calls 3 library calls 71331->71420 71334 7ff76d679b8e 71333->71334 71334->70285 71336 7ff76d6799d0 71335->71336 71421 7ff76d678a50 71336->71421 71338 7ff76d679a2d ISource 71338->70287 71340 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71341 7ff76d679a5c 71340->71341 71343 7ff76d679523 71342->71343 71344 7ff76d67945f SelectObject DeleteDC ReleaseDC DeleteObject 71342->71344 71457 7ff76d671970 71343->71457 71348 7ff76d6794df ISource 71344->71348 71378 7ff76d6794b3 71344->71378 71346 7ff76d6a5220 _Strcoll 8 API calls 71350 7ff76d679502 71346->71350 71348->71346 71349 7ff76d6798c3 71352 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71349->71352 71379 7ff76d6340b0 71350->71379 71351 7ff76d6795af 71468 7ff76d671b00 71351->71468 71353 7ff76d6798c8 71352->71353 71356 7ff76d679685 71357 7ff76d6796ba IStream_Read 71356->71357 71360 7ff76d67967b memcpy_s 71356->71360 71513 7ff76d684640 86 API calls 6 library calls 71356->71513 71359 7ff76d6796cf memcpy_s 71357->71359 71491 7ff76d62ffc0 71359->71491 71360->71357 71365 7ff76d67976b 71366 7ff76d6797dd 71365->71366 71514 7ff76d6333a0 86 API calls Concurrency::cancel_current_task 71365->71514 71510 7ff76d62eb50 71366->71510 71369 7ff76d679805 71370 7ff76d67983e 71369->71370 71371 7ff76d67981a DeleteObject 71369->71371 71372 7ff76d671970 97 API calls 71370->71372 71371->71370 71373 7ff76d679843 EnterCriticalSection 71372->71373 71374 7ff76d67987b LeaveCriticalSection 71373->71374 71375 7ff76d679856 EnterCriticalSection 71373->71375 71374->71348 71374->71378 71376 7ff76d67986e LeaveCriticalSection 71375->71376 71377 7ff76d679868 GdiplusShutdown 71375->71377 71376->71374 71377->71376 71378->71348 71378->71349 71380 7ff76d6318d0 86 API calls 71379->71380 71381 7ff76d63411a 71380->71381 71382 7ff76d6318d0 86 API calls 71381->71382 71383 7ff76d63422d 71382->71383 71384 7ff76d634380 71383->71384 71385 7ff76d6343c4 71384->71385 71386 7ff76d6a54e0 std::_Facet_Register 86 API calls 71385->71386 71387 7ff76d6343d9 71386->71387 71388 7ff76d6a5220 _Strcoll 8 API calls 71387->71388 71389 7ff76d63442d 71388->71389 71389->70335 71391 7ff76d67919a 71390->71391 71608 7ff76d655890 71391->71608 71393 7ff76d679301 71395 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71393->71395 71394 7ff76d6792c0 ISource 71398 7ff76d6a5220 _Strcoll 8 API calls 71394->71398 71396 7ff76d679307 71395->71396 71399 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71396->71399 71397 7ff76d6791d2 ISource 71397->71393 71397->71394 71397->71396 71400 7ff76d6792fc 71397->71400 71401 7ff76d6792eb 71398->71401 71403 7ff76d67930d 71399->71403 71402 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71400->71402 71401->70344 71402->71393 71405 7ff76d68f6b4 71404->71405 71405->70362 71624 7ff76d69091c 71406->71624 71410 7ff76d67aff0 memcpy_s 71409->71410 71411 7ff76d67b0ee GetTimeZoneInformation 71410->71411 71412 7ff76d670ec0 71411->71412 71414 7ff76d6a7bd0 71413->71414 71414->71291 71414->71414 71415->71294 71416->71307 71418 7ff76d679a70 GetUserNameW 71417->71418 71418->71322 71418->71324 71419->71324 71420->71330 71422 7ff76d678ab2 71421->71422 71423 7ff76d678c70 InternetOpenA 71421->71423 71454 7ff76d6a53d0 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 71422->71454 71424 7ff76d678cb7 InternetOpenUrlA 71423->71424 71430 7ff76d678c94 71423->71430 71427 7ff76d678d2a HttpQueryInfoW 71424->71427 71424->71430 71429 7ff76d678d87 HttpQueryInfoW 71427->71429 71427->71430 71428 7ff76d6a5220 _Strcoll 8 API calls 71431 7ff76d679050 71428->71431 71433 7ff76d678ddd 71429->71433 71434 7ff76d678e04 InternetQueryDataAvailable 71429->71434 71430->71428 71431->71338 71431->71340 71455 7ff76d68d010 83 API calls ProcessCodePage 71433->71455 71435 7ff76d678fee InternetCloseHandle 71434->71435 71450 7ff76d678e1f 71434->71450 71435->71430 71437 7ff76d678dec 71437->71434 71439 7ff76d678ebc InternetReadFile 71441 7ff76d678fa8 71439->71441 71453 7ff76d678e71 ISource memcpy_s _Strxfrm 71439->71453 71441->71435 71446 7ff76d678fdd ISource 71441->71446 71449 7ff76d67906b 71441->71449 71443 7ff76d679070 71456 7ff76d61d390 86 API calls 2 library calls 71443->71456 71444 7ff76d6a54e0 std::_Facet_Register 86 API calls 71444->71453 71446->71435 71447 7ff76d6a54e0 std::_Facet_Register 86 API calls 71447->71450 71448 7ff76d679076 71451 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71449->71451 71450->71435 71450->71439 71450->71443 71450->71447 71450->71449 71450->71453 71451->71443 71452 7ff76d678f84 InternetQueryDataAvailable 71452->71435 71452->71453 71453->71439 71453->71441 71453->71444 71453->71449 71453->71450 71453->71452 71455->71437 71456->71448 71458 7ff76d6719fc EnterCriticalSection LeaveCriticalSection GetObjectW 71457->71458 71459 7ff76d671990 71457->71459 71458->71351 71515 7ff76d6a53d0 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 71459->71515 71469 7ff76d671970 97 API calls 71468->71469 71470 7ff76d671b34 71469->71470 71471 7ff76d671b3d EnterCriticalSection 71470->71471 71483 7ff76d671b7c __std_exception_destroy 71470->71483 71472 7ff76d671b4e GdiplusStartup 71471->71472 71473 7ff76d671ba0 LeaveCriticalSection GdipGetImageEncodersSize 71471->71473 71472->71473 71475 7ff76d671b72 LeaveCriticalSection 71472->71475 71474 7ff76d671bbc 71473->71474 71473->71483 71477 7ff76d671bd8 71474->71477 71516 7ff76d671700 8 API calls _Strcoll 71474->71516 71475->71483 71476 7ff76d6a5220 _Strcoll 8 API calls 71478 7ff76d671b8d IStream_Size IStream_Reset 71476->71478 71480 7ff76d690aa4 _Yarn 12 API calls 71477->71480 71482 7ff76d671bdc _Strcoll 71477->71482 71478->71356 71478->71360 71480->71482 71481 7ff76d671c3d GdipGetImageEncoders 71481->71483 71484 7ff76d671c54 71481->71484 71482->71481 71482->71483 71483->71476 71484->71483 71485 7ff76d671cd7 GdipCreateBitmapFromScan0 GdipSaveImageToStream 71484->71485 71486 7ff76d671d42 GdipCreateBitmapFromHBITMAP GdipSaveImageToStream 71484->71486 71488 7ff76d671d32 GdipDisposeImage 71485->71488 71489 7ff76d671d40 71485->71489 71487 7ff76d671d9a GdipDisposeImage 71486->71487 71486->71488 71487->71483 71488->71483 71489->71487 71517 7ff76d632230 71491->71517 71496 7ff76d6547b0 71497 7ff76d6547ef 71496->71497 71500 7ff76d654804 71497->71500 71580 7ff76d638af0 86 API calls 2 library calls 71497->71580 71498 7ff76d654837 71501 7ff76d6548e5 71498->71501 71502 7ff76d6548a3 71498->71502 71500->71498 71576 7ff76d6313e0 71500->71576 71582 7ff76d61e870 86 API calls 71501->71582 71504 7ff76d6548b4 SelectObject DeleteDC ReleaseDC DeleteObject 71502->71504 71581 7ff76d6395d0 86 API calls 2 library calls 71502->71581 71504->71365 71506 7ff76d654927 71507 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 71506->71507 71508 7ff76d654938 71507->71508 71600 7ff76d631220 71510->71600 71512 7ff76d62eb9d 71512->71369 71513->71360 71516->71477 71525 7ff76d6336e0 71517->71525 71520 7ff76d6332f0 71521 7ff76d6a54e0 std::_Facet_Register 86 API calls 71520->71521 71522 7ff76d633311 71521->71522 71523 7ff76d6ad090 93 API calls 71522->71523 71524 7ff76d63006a 71523->71524 71524->71496 71526 7ff76d6a54e0 std::_Facet_Register 86 API calls 71525->71526 71527 7ff76d633740 71526->71527 71540 7ff76d6ad090 71527->71540 71529 7ff76d633750 71549 7ff76d633bc0 71529->71549 71532 7ff76d6337e0 71533 7ff76d630039 71532->71533 71564 7ff76d6ad35c 6 API calls std::_Lockit::_Lockit 71532->71564 71533->71520 71535 7ff76d633808 71565 7ff76d61e870 86 API calls 71535->71565 71537 7ff76d633848 71538 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 71537->71538 71539 7ff76d633859 71538->71539 71566 7ff76d6aca6c 71540->71566 71542 7ff76d6ad0b2 71548 7ff76d6ad114 _Strxfrm 71542->71548 71570 7ff76d6ad288 86 API calls std::_Facet_Register 71542->71570 71544 7ff76d6ad0ca 71571 7ff76d6ad2b8 84 API calls std::locale::_Setgloballocale 71544->71571 71546 7ff76d6ad0d5 __std_exception_destroy 71546->71546 71547 7ff76d690aa4 _Yarn 12 API calls 71546->71547 71546->71548 71547->71548 71548->71529 71550 7ff76d6aca6c std::_Lockit::_Lockit 6 API calls 71549->71550 71551 7ff76d633bf0 71550->71551 71552 7ff76d6aca6c std::_Lockit::_Lockit 6 API calls 71551->71552 71554 7ff76d633c15 71551->71554 71552->71554 71553 7ff76d633c8d 71555 7ff76d6a5220 _Strcoll 8 API calls 71553->71555 71554->71553 71573 7ff76d61e510 126 API calls 6 library calls 71554->71573 71556 7ff76d633785 71555->71556 71556->71532 71556->71535 71558 7ff76d633c9f 71559 7ff76d633ca5 71558->71559 71560 7ff76d633d06 71558->71560 71574 7ff76d6ad050 86 API calls std::_Facet_Register 71559->71574 71575 7ff76d61e050 86 API calls 2 library calls 71560->71575 71563 7ff76d633d0b 71564->71533 71565->71537 71567 7ff76d6aca80 71566->71567 71568 7ff76d6aca7b 71566->71568 71567->71542 71572 7ff76d69361c 6 API calls std::_Locinfo::_Locinfo_ctor 71568->71572 71570->71544 71571->71546 71573->71558 71574->71553 71575->71563 71577 7ff76d631406 _Strxfrm 71576->71577 71578 7ff76d63146f 71576->71578 71577->71578 71583 7ff76d631020 71577->71583 71578->71498 71580->71500 71581->71504 71582->71506 71584 7ff76d631046 71583->71584 71598 7ff76d63104b ISource 71583->71598 71585 7ff76d6310ad 71584->71585 71586 7ff76d6310be 71584->71586 71584->71598 71587 7ff76d6a54e0 std::_Facet_Register 86 API calls 71585->71587 71588 7ff76d6310d7 71586->71588 71589 7ff76d6310e6 71586->71589 71591 7ff76d6310e4 71586->71591 71597 7ff76d6310b9 _Strxfrm 71587->71597 71590 7ff76d63120f 71588->71590 71588->71591 71592 7ff76d6a54e0 std::_Facet_Register 86 API calls 71589->71592 71589->71597 71599 7ff76d61d390 86 API calls 2 library calls 71590->71599 71593 7ff76d6a54e0 std::_Facet_Register 86 API calls 71591->71593 71591->71598 71592->71597 71593->71597 71595 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71596 7ff76d63121a 71595->71596 71597->71595 71597->71598 71598->71577 71599->71597 71603 7ff76d632b20 71600->71603 71602 7ff76d63123c 71602->71512 71604 7ff76d632b2f 71603->71604 71605 7ff76d632b7d ISource 71603->71605 71604->71605 71606 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71604->71606 71605->71602 71607 7ff76d632bc2 71606->71607 71609 7ff76d6558dd 71608->71609 71611 7ff76d6559dd 71609->71611 71612 7ff76d655a05 71609->71612 71619 7ff76d6558e2 _Strxfrm 71609->71619 71621 7ff76d655a6d 71609->71621 71613 7ff76d655a73 71611->71613 71614 7ff76d6a54e0 std::_Facet_Register 86 API calls 71611->71614 71615 7ff76d6a54e0 std::_Facet_Register 86 API calls 71612->71615 71612->71619 71623 7ff76d61d390 86 API calls 2 library calls 71613->71623 71617 7ff76d6559f2 71614->71617 71615->71619 71617->71619 71620 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 71617->71620 71618 7ff76d655a79 71619->71397 71620->71621 71622 7ff76d61d450 86 API calls 71621->71622 71623->71618 71645 7ff76d686dc8 71624->71645 71627 7ff76d69097d 71653 7ff76d68d1cc 11 API calls _get_daylight 71627->71653 71629 7ff76d690982 71654 7ff76d688d08 83 API calls _invalid_parameter_noinfo 71629->71654 71630 7ff76d690995 71655 7ff76d690684 14 API calls 3 library calls 71630->71655 71632 7ff76d69098d 71632->70369 71634 7ff76d6909c0 71635 7ff76d6909c4 71634->71635 71636 7ff76d6909c9 71634->71636 71635->71632 71639 7ff76d694454 __free_lconv_num 11 API calls 71635->71639 71656 7ff76d696df4 12 API calls 3 library calls 71636->71656 71638 7ff76d6909d2 71640 7ff76d690a2a 71638->71640 71657 7ff76d69ba60 98 API calls 4 library calls 71638->71657 71639->71632 71659 7ff76d694454 71640->71659 71643 7ff76d6909fa 71643->71640 71658 7ff76d690800 13 API calls 2 library calls 71643->71658 71646 7ff76d686dec 71645->71646 71647 7ff76d686de7 71645->71647 71646->71647 71665 7ff76d6910dc GetLastError 71646->71665 71647->71627 71647->71630 71653->71629 71654->71632 71655->71634 71656->71638 71657->71643 71658->71640 71660 7ff76d694488 71659->71660 71661 7ff76d694459 RtlFreeHeap 71659->71661 71660->71635 71661->71660 71662 7ff76d694474 GetLastError 71661->71662 71663 7ff76d694481 __free_lconv_num 71662->71663 71722 7ff76d68d1cc 11 API calls _get_daylight 71663->71722 71666 7ff76d691100 FlsGetValue 71665->71666 71667 7ff76d69111d FlsSetValue 71665->71667 71668 7ff76d691117 71666->71668 71687 7ff76d69110d 71666->71687 71669 7ff76d69112f 71667->71669 71667->71687 71668->71667 71711 7ff76d694abc 71669->71711 71670 7ff76d691189 SetLastError 71673 7ff76d686e07 71670->71673 71674 7ff76d6911a9 71670->71674 71706 7ff76d693364 71673->71706 71719 7ff76d690aac 83 API calls 2 library calls 71674->71719 71675 7ff76d69115c FlsSetValue 71679 7ff76d691168 FlsSetValue 71675->71679 71680 7ff76d69117a 71675->71680 71676 7ff76d69114c FlsSetValue 71678 7ff76d691155 71676->71678 71684 7ff76d694454 __free_lconv_num 11 API calls 71678->71684 71679->71678 71718 7ff76d690e8c 11 API calls __std_fs_directory_iterator_open 71680->71718 71684->71687 71687->71670 71689 7ff76d691182 71693 7ff76d694454 __free_lconv_num 11 API calls 71689->71693 71693->71670 71707 7ff76d693379 71706->71707 71709 7ff76d686e2a 71706->71709 71707->71709 71721 7ff76d69c75c 83 API calls 3 library calls 71707->71721 71710 7ff76d6933d0 83 API calls TranslateName 71709->71710 71710->71647 71716 7ff76d694acd wcsftime 71711->71716 71712 7ff76d694b1e 71720 7ff76d68d1cc 11 API calls _get_daylight 71712->71720 71713 7ff76d694b02 HeapAlloc 71714 7ff76d69113e 71713->71714 71713->71716 71714->71675 71714->71676 71716->71712 71716->71713 71717 7ff76d6a07a0 std::_Facet_Register 2 API calls 71716->71717 71717->71716 71718->71689 71720->71714 71721->71709 71722->71660 73633 7ff76d68fa55 73634 7ff76d69876c __std_fs_directory_iterator_open 83 API calls 73633->73634 73635 7ff76d68fa5a 73634->73635 73636 7ff76d68fa81 GetModuleHandleW 73635->73636 73637 7ff76d68facb 73635->73637 73636->73637 73638 7ff76d68fa8e 73636->73638 73645 7ff76d68f958 73637->73645 73638->73637 73659 7ff76d68fb88 GetModuleHandleExW 73638->73659 73665 7ff76d6935ac EnterCriticalSection 73645->73665 73660 7ff76d68fbe5 73659->73660 73661 7ff76d68fbbc GetProcAddress 73659->73661 73663 7ff76d68fbf1 73660->73663 73664 7ff76d68fbea FreeLibrary 73660->73664 73662 7ff76d68fbce 73661->73662 73662->73660 73663->73637 73664->73663 73674 7ff76d621d4e 73675 7ff76d621d6c 73674->73675 73676 7ff76d621d54 _Strxfrm 73674->73676 73677 7ff76d621d7d 73675->73677 73678 7ff76d621dcd 73675->73678 73679 7ff76d621dc2 73675->73679 73680 7ff76d6a54e0 std::_Facet_Register 86 API calls 73677->73680 73684 7ff76d6a54e0 std::_Facet_Register 86 API calls 73678->73684 73686 7ff76d621d98 _Strxfrm 73678->73686 73679->73677 73681 7ff76d621e10 73679->73681 73683 7ff76d621d93 73680->73683 73688 7ff76d61d390 86 API calls 2 library calls 73681->73688 73685 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73683->73685 73683->73686 73684->73686 73687 7ff76d621e1b 73685->73687 73688->73683 73689 7ff76d632f11 73690 7ff76d633272 73689->73690 73691 7ff76d632f24 73689->73691 73718 7ff76d630670 86 API calls 73690->73718 73710 7ff76d633960 73691->73710 73694 7ff76d633278 73712 7ff76d633994 73710->73712 73716 7ff76d6339f1 73710->73716 73719 7ff76d637b50 8 API calls _Strcoll 73712->73719 73713 7ff76d633a17 73715 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73713->73715 73717 7ff76d633a1d 73715->73717 73720 7ff76d61d390 86 API calls 2 library calls 73716->73720 73718->73694 73719->73716 73720->73713 73721 7ff76d685d56 73722 7ff76d6827f0 86 API calls 73721->73722 73723 7ff76d685d5e 73722->73723 73724 7ff76d64b750 73725 7ff76d673c90 190 API calls 73724->73725 73726 7ff76d64b785 73725->73726 73727 7ff76d6350b0 86 API calls 73726->73727 73734 7ff76d64b87f ISource 73726->73734 73731 7ff76d64b7a3 73727->73731 73728 7ff76d622bb0 83 API calls 73729 7ff76d64b8af 73728->73729 73730 7ff76d6a5220 _Strcoll 8 API calls 73729->73730 73732 7ff76d64b8c2 73730->73732 73733 7ff76d661cf0 88 API calls 73731->73733 73735 7ff76d64b7d6 ISource 73733->73735 73734->73728 73735->73734 73736 7ff76d64b8d0 73735->73736 73738 7ff76d64b8cb 73735->73738 73737 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73736->73737 73739 7ff76d64b8d6 73737->73739 73740 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73738->73740 73740->73736 73741 7ff76d651a80 73742 7ff76d6203b0 102 API calls 73741->73742 73743 7ff76d651ae0 73742->73743 73744 7ff76d6203b0 102 API calls 73743->73744 73745 7ff76d652370 73744->73745 73746 7ff76d61f020 86 API calls 73745->73746 73758 7ff76d65278c ISource 73745->73758 73748 7ff76d6523a9 73746->73748 73747 7ff76d6a5220 _Strcoll 8 API calls 73749 7ff76d6527b7 73747->73749 73750 7ff76d61eeb0 92 API calls 73748->73750 73751 7ff76d6523b6 73750->73751 73840 7ff76d654a50 73751->73840 73754 7ff76d672b90 214 API calls 73755 7ff76d652483 73754->73755 73756 7ff76d622bb0 83 API calls 73755->73756 73757 7ff76d652753 73756->73757 73757->73758 73759 7ff76d6527d3 73757->73759 73758->73747 73760 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73759->73760 73761 7ff76d6527d8 73760->73761 73762 7ff76d6363e0 86 API calls 73761->73762 73763 7ff76d652811 73762->73763 73764 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 73763->73764 73765 7ff76d652824 73764->73765 73766 7ff76d61fb70 91 API calls 73765->73766 73767 7ff76d652834 73766->73767 73768 7ff76d61fb70 91 API calls 73767->73768 73769 7ff76d652846 73768->73769 73770 7ff76d61fb70 91 API calls 73769->73770 73771 7ff76d652856 73770->73771 73772 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73771->73772 73773 7ff76d65285c 73772->73773 73774 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73773->73774 73775 7ff76d652862 73774->73775 73776 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73775->73776 73777 7ff76d652868 73776->73777 73778 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73777->73778 73779 7ff76d65286e 73778->73779 73780 7ff76d61fb70 91 API calls 73779->73780 73781 7ff76d65287e 73780->73781 73782 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73781->73782 73783 7ff76d652884 73782->73783 73784 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73783->73784 73785 7ff76d65288a 73784->73785 73786 7ff76d61ea20 2 API calls 73785->73786 73787 7ff76d652890 73786->73787 73788 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73787->73788 73789 7ff76d652896 73788->73789 73790 7ff76d61fb70 91 API calls 73789->73790 73791 7ff76d6528a6 73790->73791 73792 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73791->73792 73793 7ff76d6528ac 73792->73793 73794 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73793->73794 73795 7ff76d6528b2 73794->73795 73796 7ff76d61ea20 2 API calls 73795->73796 73797 7ff76d6528b8 73796->73797 73798 7ff76d61f020 86 API calls 73797->73798 73799 7ff76d65290a 73798->73799 73800 7ff76d61eeb0 92 API calls 73799->73800 73801 7ff76d65291b 73800->73801 73802 7ff76d61f320 86 API calls 73801->73802 73803 7ff76d652e15 73802->73803 73804 7ff76d61f3f0 83 API calls 73803->73804 73805 7ff76d652e23 73804->73805 73806 7ff76d626c10 86 API calls 73805->73806 73807 7ff76d65301e 73806->73807 73808 7ff76d671f20 214 API calls 73807->73808 73809 7ff76d653050 73808->73809 73810 7ff76d61f3f0 83 API calls 73809->73810 73811 7ff76d653065 73810->73811 73812 7ff76d61f3f0 83 API calls 73811->73812 73813 7ff76d653073 73812->73813 73844 7ff76d631d90 127 API calls 4 library calls 73813->73844 73815 7ff76d65331d 73845 7ff76d636070 86 API calls 4 library calls 73815->73845 73817 7ff76d653359 73823 7ff76d653d49 73817->73823 73846 7ff76d620310 110 API calls _Strcoll 73817->73846 73819 7ff76d653375 73822 7ff76d653e66 73819->73822 73819->73823 73820 7ff76d622bb0 83 API calls 73821 7ff76d653ddd 73820->73821 73825 7ff76d631990 83 API calls 73821->73825 73824 7ff76d61ea20 2 API calls 73822->73824 73823->73820 73826 7ff76d653e6b 73824->73826 73827 7ff76d653deb 73825->73827 73847 7ff76d61fbe0 91 API calls Concurrency::cancel_current_task 73826->73847 73828 7ff76d61f3f0 83 API calls 73827->73828 73830 7ff76d653df9 73828->73830 73832 7ff76d631990 83 API calls 73830->73832 73834 7ff76d653e07 73832->73834 73837 7ff76d6a5220 _Strcoll 8 API calls 73834->73837 73839 7ff76d653e37 73837->73839 73841 7ff76d654a76 73840->73841 73842 7ff76d6565c0 87 API calls 73841->73842 73843 7ff76d6523c9 73842->73843 73843->73754 73844->73815 73845->73817 73846->73819 73848 7ff76d680381 73849 7ff76d6803ac 73848->73849 73858 7ff76d680397 73848->73858 73851 7ff76d68057c 73849->73851 73855 7ff76d6803b5 73849->73855 73850 7ff76d6805e9 73854 7ff76d680050 8 API calls 73850->73854 73851->73850 73856 7ff76d680050 8 API calls 73851->73856 73852 7ff76d6a5220 _Strcoll 8 API calls 73857 7ff76d68093b 73852->73857 73853 7ff76d68050e 73861 7ff76d680050 8 API calls 73853->73861 73854->73858 73859 7ff76d6376b0 86 API calls 73855->73859 73860 7ff76d680416 memcpy_s 73855->73860 73856->73851 73858->73852 73859->73860 73860->73853 73862 7ff76d680050 8 API calls 73860->73862 73861->73858 73862->73860 73863 7ff76d668142 73864 7ff76d668147 73863->73864 73865 7ff76d62e5a0 133 API calls 73864->73865 73866 7ff76d66814c 73865->73866 73867 7ff76d62ec50 130 API calls 73866->73867 73868 7ff76d668151 73867->73868 73869 7ff76d62fa60 133 API calls 73868->73869 73870 7ff76d668156 73869->73870 73871 7ff76d62c9c0 88 API calls 73870->73871 73872 7ff76d66815b 73871->73872 73873 7ff76d6514c0 110 API calls 73872->73873 73874 7ff76d668160 73873->73874 73875 7ff76d6541a0 110 API calls 73874->73875 73876 7ff76d668165 73875->73876 73877 7ff76d622c20 85 API calls 73876->73877 73878 7ff76d66816a 73877->73878 73879 7ff76d62ae00 225 API calls 73878->73879 73880 7ff76d66816f 73879->73880 73881 7ff76d670550 138 API calls 73880->73881 73882 7ff76d668179 73881->73882 73883 7ff76d62bee0 220 API calls 73882->73883 73884 7ff76d66817e 73883->73884 73885 7ff76d627810 86 API calls 73884->73885 73886 7ff76d668183 73885->73886 73887 7ff76d627b00 89 API calls 73886->73887 73888 7ff76d66818d 73887->73888 73889 7ff76d678210 98 API calls 73888->73889 73890 7ff76d668193 73889->73890 73907 7ff76d662b90 94 API calls 3 library calls 73890->73907 73892 7ff76d6681a0 73893 7ff76d6681b7 73892->73893 73894 7ff76d6681a5 ReleaseMutex CloseHandle 73892->73894 73895 7ff76d6681c6 73893->73895 73896 7ff76d6681c0 73893->73896 73894->73893 73898 7ff76d668200 ISource 73895->73898 73901 7ff76d668263 73895->73901 73908 7ff76d668270 88 API calls 5 library calls 73896->73908 73900 7ff76d6677f0 408 API calls 73898->73900 73899 7ff76d6681c5 73899->73895 73902 7ff76d66822b 73900->73902 73903 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73901->73903 73904 7ff76d6a5220 _Strcoll 8 API calls 73902->73904 73906 7ff76d668268 73903->73906 73905 7ff76d66823d 73904->73905 73907->73892 73908->73899 73909 7ff76d67a380 GetCurrentHwProfileW 73910 7ff76d67a3c8 73909->73910 73912 7ff76d67a428 73909->73912 73917 7ff76d661a40 88 API calls 3 library calls 73910->73917 73913 7ff76d6a5220 _Strcoll 8 API calls 73912->73913 73914 7ff76d67a4a0 73913->73914 73916 7ff76d67a3d7 73916->73912 73918 7ff76d686f98 90 API calls 73916->73918 73917->73916 73918->73916 73919 7ff76d6335e9 73920 7ff76d6a54e0 std::_Facet_Register 86 API calls 73919->73920 73921 7ff76d6335fc 73920->73921 73922 7ff76d631a80 86 API calls 73921->73922 73923 7ff76d633619 73922->73923 73924 7ff76d6a5220 _Strcoll 8 API calls 73923->73924 73925 7ff76d6336a4 73924->73925 73926 7ff76d67a52b RegOpenKeyExA 73927 7ff76d67a555 RegQueryValueExA 73926->73927 73935 7ff76d67a5cd ISource 73926->73935 73932 7ff76d67a594 73927->73932 73927->73935 73928 7ff76d67a62a 73931 7ff76d6a5220 _Strcoll 8 API calls 73928->73931 73929 7ff76d67a624 RegCloseKey 73929->73928 73933 7ff76d67a63d 73931->73933 73934 7ff76d6319f0 83 API calls 73932->73934 73934->73935 73935->73928 73935->73929 73936 7ff76d63356d 73937 7ff76d6a54e0 std::_Facet_Register 86 API calls 73936->73937 73938 7ff76d633580 73937->73938 73943 7ff76d63c7c0 73938->73943 73941 7ff76d6a5220 _Strcoll 8 API calls 73942 7ff76d6336a4 73941->73942 73944 7ff76d6a54e0 std::_Facet_Register 86 API calls 73943->73944 73945 7ff76d63c7f8 73944->73945 73948 7ff76d648080 73945->73948 73949 7ff76d63359d 73948->73949 73950 7ff76d6480b4 73948->73950 73949->73941 73951 7ff76d6a54e0 std::_Facet_Register 86 API calls 73950->73951 73952 7ff76d6480cd 73951->73952 73953 7ff76d631a80 86 API calls 73952->73953 73954 7ff76d6480ea 73953->73954 73955 7ff76d633510 8 API calls 73954->73955 73956 7ff76d6480f8 73955->73956 73957 7ff76d648080 86 API calls 73956->73957 73957->73949 73958 7ff76d6800a8 73959 7ff76d6800ce 73958->73959 73978 7ff76d6800b9 73958->73978 73960 7ff76d6800d7 73959->73960 73971 7ff76d68027b 73959->73971 73962 7ff76d6318d0 86 API calls 73960->73962 73977 7ff76d680131 73960->73977 73961 7ff76d680327 73965 7ff76d680a90 89 API calls 73961->73965 73962->73977 73963 7ff76d6a5220 _Strcoll 8 API calls 73964 7ff76d68093b 73963->73964 73966 7ff76d680340 73965->73966 73970 7ff76d680050 8 API calls 73966->73970 73967 7ff76d680a90 89 API calls 73967->73971 73968 7ff76d6801f0 73969 7ff76d680a90 89 API calls 73968->73969 73973 7ff76d680222 73969->73973 73970->73978 73971->73961 73971->73967 73974 7ff76d680050 8 API calls 73971->73974 73975 7ff76d680050 8 API calls 73973->73975 73974->73971 73975->73978 73976 7ff76d680050 8 API calls 73976->73977 73977->73968 73977->73976 73979 7ff76d680a90 73977->73979 73978->73963 73980 7ff76d680acf 73979->73980 73985 7ff76d680cd3 73979->73985 73981 7ff76d680d4f 73980->73981 73988 7ff76d680cce 73980->73988 73994 7ff76d64adc0 86 API calls 73980->73994 73995 7ff76d64ae20 8 API calls _Strcoll 73981->73995 73984 7ff76d680d70 73986 7ff76d6363e0 86 API calls 73984->73986 73985->73977 73987 7ff76d680d99 73986->73987 73989 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 73987->73989 73988->73985 73990 7ff76d6363e0 86 API calls 73988->73990 73989->73988 73991 7ff76d680de4 73990->73991 73992 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 73991->73992 73993 7ff76d680df5 73992->73993 73994->73980 73995->73984 73996 7ff76d67b136 73999 7ff76d67b148 ISource 73996->73999 73997 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73998 7ff76d67b70b 73997->73998 74000 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 73998->74000 73999->73998 74001 7ff76d66db20 86 API calls 73999->74001 74027 7ff76d67b705 73999->74027 74002 7ff76d67b711 74000->74002 74003 7ff76d67b25a 74001->74003 74005 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74002->74005 74019 7ff76d67b26a ISource 74003->74019 74028 7ff76d637540 86 API calls 5 library calls 74003->74028 74006 7ff76d67b717 74005->74006 74007 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74006->74007 74008 7ff76d67b71d 74007->74008 74009 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74008->74009 74010 7ff76d67b723 74009->74010 74011 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74010->74011 74012 7ff76d67b729 74011->74012 74013 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74012->74013 74014 7ff76d67b72f 74013->74014 74015 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74014->74015 74016 7ff76d67b735 74015->74016 74017 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74016->74017 74018 7ff76d67b73b 74017->74018 74022 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74018->74022 74019->74002 74019->74006 74019->74008 74019->74010 74019->74012 74019->74014 74019->74016 74019->74018 74020 7ff76d67b6b6 ISource 74019->74020 74023 7ff76d67b700 74019->74023 74021 7ff76d6a5220 _Strcoll 8 API calls 74020->74021 74024 7ff76d67b6e4 74021->74024 74025 7ff76d67b741 74022->74025 74026 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74023->74026 74026->74027 74027->73997 74028->74019 74029 7ff76d642e30 74030 7ff76d642e47 74029->74030 74033 7ff76d642e52 _Strxfrm 74029->74033 74031 7ff76d642e63 _Strxfrm 74032 7ff76d642f8d 74032->74031 74034 7ff76d688534 _fread_nolock 92 API calls 74032->74034 74033->74031 74033->74032 74036 7ff76d688534 74033->74036 74034->74031 74039 7ff76d688554 74036->74039 74040 7ff76d68854c 74039->74040 74041 7ff76d68857e 74039->74041 74040->74033 74041->74040 74042 7ff76d6885ca 74041->74042 74043 7ff76d68858d memcpy_s 74041->74043 74052 7ff76d687a4c EnterCriticalSection 74042->74052 74053 7ff76d68d1cc 11 API calls _get_daylight 74043->74053 74048 7ff76d6885a2 74054 7ff76d688d08 83 API calls _invalid_parameter_noinfo 74048->74054 74053->74048 74054->74040 74055 7ff76d627671 74056 7ff76d61f3f0 83 API calls 74055->74056 74057 7ff76d6276a4 FindNextFileW 74056->74057 74058 7ff76d6276c2 74057->74058 74059 7ff76d6a5220 _Strcoll 8 API calls 74058->74059 74060 7ff76d6276e9 74059->74060 74061 7ff76d633236 74062 7ff76d63323b ISource 74061->74062 74063 7ff76d6a5220 _Strcoll 8 API calls 74062->74063 74064 7ff76d63324f 74063->74064 74065 7ff76d64baf0 74066 7ff76d61f020 86 API calls 74065->74066 74067 7ff76d64bb50 74066->74067 74068 7ff76d61eeb0 92 API calls 74067->74068 74069 7ff76d64bb61 74068->74069 74070 7ff76d64e288 74069->74070 74072 7ff76d64bba5 ISource 74069->74072 74071 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74070->74071 74073 7ff76d64e28d 74071->74073 74127 7ff76d64bc7f ISource 74072->74127 74228 7ff76d6333a0 86 API calls Concurrency::cancel_current_task 74072->74228 74076 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74073->74076 74075 7ff76d64c006 74079 7ff76d61f320 86 API calls 74075->74079 74077 7ff76d64e293 74076->74077 74081 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74077->74081 74078 7ff76d626c10 86 API calls 74078->74127 74080 7ff76d64c195 74079->74080 74082 7ff76d64c1d9 ISource 74080->74082 74084 7ff76d64e299 74080->74084 74081->74084 74083 7ff76d6203b0 102 API calls 74082->74083 74085 7ff76d64c20c 74083->74085 74087 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74084->74087 74089 7ff76d633ef0 92 API calls 74085->74089 74118 7ff76d64c85c ISource _Strxfrm 74085->74118 74086 7ff76d6203b0 102 API calls 74086->74127 74088 7ff76d64e29f 74087->74088 74237 7ff76d61fbe0 91 API calls Concurrency::cancel_current_task 74088->74237 74091 7ff76d64c289 74089->74091 74095 7ff76d64e2bc 74091->74095 74096 7ff76d64c298 74091->74096 74093 7ff76d64e30c 74097 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74093->74097 74094 7ff76d64e19d 74099 7ff76d64e1e0 ISource 74094->74099 74164 7ff76d64e4c6 74094->74164 74098 7ff76d61fb70 91 API calls 74095->74098 74102 7ff76d64e2d3 74096->74102 74116 7ff76d64e2e3 74096->74116 74096->74118 74125 7ff76d6203b0 102 API calls 74096->74125 74141 7ff76d620070 88 API calls 74096->74141 74142 7ff76d672b90 214 API calls 74096->74142 74148 7ff76d61f020 86 API calls 74096->74148 74152 7ff76d61eeb0 92 API calls 74096->74152 74156 7ff76d61f3f0 83 API calls 74096->74156 74166 7ff76d631990 83 API calls 74096->74166 74170 7ff76d6442c0 86 API calls 74096->74170 74172 7ff76d622bb0 83 API calls 74096->74172 74203 7ff76d630ac0 86 API calls 74096->74203 74209 7ff76d631a80 86 API calls 74096->74209 74229 7ff76d632870 86 API calls 3 library calls 74096->74229 74230 7ff76d6309e0 86 API calls 3 library calls 74096->74230 74101 7ff76d64e312 74097->74101 74098->74102 74103 7ff76d64e23c ISource 74099->74103 74112 7ff76d64e4cc 74099->74112 74100 7ff76d672b90 214 API calls 74100->74127 74106 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74101->74106 74110 7ff76d61fb70 91 API calls 74102->74110 74104 7ff76d6a5220 _Strcoll 8 API calls 74103->74104 74105 7ff76d64e26d 74104->74105 74113 7ff76d64e318 74106->74113 74107 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74107->74112 74108 7ff76d6203b0 102 API calls 74108->74118 74109 7ff76d622bb0 83 API calls 74109->74127 74110->74116 74111 7ff76d6442c0 86 API calls 74111->74127 74114 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74112->74114 74119 7ff76d61fb70 91 API calls 74113->74119 74117 7ff76d64e4d2 74114->74117 74115 7ff76d626c10 86 API calls 74115->74118 74120 7ff76d61ea20 2 API calls 74116->74120 74118->74093 74118->74101 74118->74108 74118->74113 74118->74115 74121 7ff76d64e328 74118->74121 74123 7ff76d64e2e9 74118->74123 74133 7ff76d64e2ef 74118->74133 74136 7ff76d64e32e 74118->74136 74139 7ff76d64e3c9 74118->74139 74143 7ff76d64e397 74118->74143 74144 7ff76d64e334 74118->74144 74149 7ff76d64e39d 74118->74149 74155 7ff76d64e3a3 74118->74155 74157 7ff76d64e33a 74118->74157 74165 7ff76d64e3b2 74118->74165 74171 7ff76d672b90 214 API calls 74118->74171 74182 7ff76d64e38b 74118->74182 74185 7ff76d622bb0 83 API calls 74118->74185 74190 7ff76d64e391 74118->74190 74191 7ff76d626990 86 API calls 74118->74191 74196 7ff76d61eeb0 92 API calls 74118->74196 74205 7ff76d6442c0 86 API calls 74118->74205 74213 7ff76d630ac0 86 API calls 74118->74213 74217 7ff76d631a80 86 API calls 74118->74217 74218 7ff76d6a54e0 86 API calls std::_Facet_Register 74118->74218 74219 7ff76d632620 86 API calls 74118->74219 74220 7ff76d63b9d0 86 API calls 74118->74220 74222 7ff76d633510 8 API calls 74118->74222 74225 7ff76d64d5b1 ISource _Strxfrm 74118->74225 74231 7ff76d654ad0 92 API calls 2 library calls 74118->74231 74232 7ff76d630c60 86 API calls 74118->74232 74233 7ff76d64af00 111 API calls _Strcoll 74118->74233 74119->74121 74120->74123 74128 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74121->74128 74129 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74123->74129 74124 7ff76d64e3e6 74132 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74124->74132 74125->74096 74127->74073 74127->74075 74127->74077 74127->74078 74127->74086 74127->74088 74127->74100 74127->74109 74127->74111 74131 7ff76d631a80 86 API calls 74127->74131 74134 7ff76d630ac0 86 API calls 74127->74134 74128->74136 74129->74133 74130 7ff76d626c10 86 API calls 74130->74225 74131->74127 74137 7ff76d64e3ec 74132->74137 74238 7ff76d61fbe0 91 API calls Concurrency::cancel_current_task 74133->74238 74134->74127 74135 7ff76d61fb70 91 API calls 74135->74139 74140 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74136->74140 74145 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74137->74145 74138 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74138->74143 74242 7ff76d61fbe0 91 API calls Concurrency::cancel_current_task 74139->74242 74140->74144 74141->74096 74142->74096 74240 7ff76d61d450 86 API calls 74143->74240 74239 7ff76d61d390 86 API calls 2 library calls 74144->74239 74147 7ff76d64e3f2 74145->74147 74151 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74147->74151 74148->74096 74153 7ff76d61ea20 2 API calls 74149->74153 74154 7ff76d64e3f8 74151->74154 74152->74096 74153->74155 74159 7ff76d61fb70 91 API calls 74154->74159 74241 7ff76d61fa60 86 API calls 2 library calls 74155->74241 74156->74096 74168 7ff76d6363e0 86 API calls 74157->74168 74158 7ff76d64e4a9 74246 7ff76d61fbe0 91 API calls Concurrency::cancel_current_task 74158->74246 74162 7ff76d64e408 74159->74162 74169 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74162->74169 74164->74107 74165->74135 74166->74096 74175 7ff76d64e377 74168->74175 74177 7ff76d64e40e 74169->74177 74170->74096 74171->74118 74172->74096 74174 7ff76d64e471 74178 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74174->74178 74179 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 74175->74179 74176 7ff76d64e492 74180 7ff76d61fb70 91 API calls 74176->74180 74183 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74177->74183 74181 7ff76d64e477 74178->74181 74179->74182 74180->74158 74244 7ff76d61d450 86 API calls 74181->74244 74187 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74182->74187 74184 7ff76d64e414 74183->74184 74243 7ff76d61d390 86 API calls 2 library calls 74184->74243 74185->74118 74187->74190 74189 7ff76d64e47d 74192 7ff76d61ea20 2 API calls 74189->74192 74190->74138 74191->74118 74194 7ff76d64e483 74192->74194 74193 7ff76d6203b0 102 API calls 74193->74225 74245 7ff76d61fa60 86 API calls 2 library calls 74194->74245 74195 7ff76d64e41a 74199 7ff76d6363e0 86 API calls 74195->74199 74196->74118 74198 7ff76d672b90 214 API calls 74198->74225 74202 7ff76d64e457 74199->74202 74204 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 74202->74204 74203->74096 74206 7ff76d64e46b 74204->74206 74205->74118 74208 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74206->74208 74207 7ff76d622bb0 83 API calls 74207->74225 74208->74174 74209->74096 74210 7ff76d626990 86 API calls 74210->74225 74211 7ff76d61eeb0 92 API calls 74211->74225 74213->74118 74215 7ff76d6442c0 86 API calls 74215->74225 74216 7ff76d630ac0 86 API calls 74216->74225 74217->74118 74218->74118 74219->74118 74220->74118 74221 7ff76d631a80 86 API calls 74221->74225 74222->74118 74223 7ff76d6a54e0 86 API calls std::_Facet_Register 74223->74225 74224 7ff76d632620 86 API calls 74224->74225 74225->74094 74225->74124 74225->74130 74225->74137 74225->74147 74225->74154 74225->74158 74225->74162 74225->74174 74225->74176 74225->74177 74225->74181 74225->74184 74225->74189 74225->74193 74225->74194 74225->74195 74225->74198 74225->74206 74225->74207 74225->74210 74225->74211 74225->74215 74225->74216 74225->74221 74225->74223 74225->74224 74226 7ff76d633510 8 API calls 74225->74226 74227 7ff76d63b9d0 86 API calls 74225->74227 74234 7ff76d654ad0 92 API calls 2 library calls 74225->74234 74235 7ff76d630c60 86 API calls 74225->74235 74236 7ff76d64af00 111 API calls _Strcoll 74225->74236 74226->74225 74227->74225 74229->74096 74230->74096 74231->74118 74232->74118 74233->74118 74234->74225 74235->74225 74236->74225 74239->74157 74241->74165 74243->74195 74245->74176 74247 7ff76d636d59 74248 7ff76d636d77 74247->74248 74249 7ff76d636de2 74248->74249 74250 7ff76d636db6 74248->74250 74255 7ff76d6a54e0 std::_Facet_Register 86 API calls 74249->74255 74256 7ff76d636dcb _Strxfrm 74249->74256 74251 7ff76d636e6e 74250->74251 74252 7ff76d636dc3 74250->74252 74260 7ff76d61d390 86 API calls 2 library calls 74251->74260 74253 7ff76d6a54e0 std::_Facet_Register 86 API calls 74252->74253 74253->74256 74255->74256 74257 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74256->74257 74258 7ff76d636e35 ISource _Strxfrm 74256->74258 74259 7ff76d636e79 74257->74259 74260->74256 74261 7ff76d690ca0 74272 7ff76d690b04 74261->74272 74263 7ff76d690cc6 74266 7ff76d690d3d 74278 7ff76d690b2c 74266->74278 74269 7ff76d690cfd 74269->74263 74269->74266 74290 7ff76d6957f4 83 API calls 2 library calls 74269->74290 74270 7ff76d690d31 74270->74266 74291 7ff76d695ed0 74270->74291 74273 7ff76d690b1d 74272->74273 74274 7ff76d690b0d 74272->74274 74273->74263 74273->74269 74289 7ff76d690c24 83 API calls ProcessCodePage 74273->74289 74296 7ff76d68d1cc 11 API calls _get_daylight 74274->74296 74276 7ff76d690b12 74297 7ff76d688d08 83 API calls _invalid_parameter_noinfo 74276->74297 74279 7ff76d690b04 _fread_nolock 83 API calls 74278->74279 74280 7ff76d690b51 74279->74280 74281 7ff76d690b60 74280->74281 74282 7ff76d690bf1 74280->74282 74284 7ff76d690b7e 74281->74284 74287 7ff76d690b9c 74281->74287 74307 7ff76d69401c 83 API calls 3 library calls 74282->74307 74306 7ff76d69401c 83 API calls 3 library calls 74284->74306 74285 7ff76d690b8c 74285->74263 74287->74285 74298 7ff76d696b24 74287->74298 74289->74269 74290->74270 74292 7ff76d694abc __std_fs_directory_iterator_open 11 API calls 74291->74292 74293 7ff76d695ef4 74292->74293 74294 7ff76d694454 __free_lconv_num 11 API calls 74293->74294 74295 7ff76d695eff 74294->74295 74295->74266 74296->74276 74297->74273 74299 7ff76d696b54 74298->74299 74308 7ff76d696950 74299->74308 74304 7ff76d696b93 74305 7ff76d696ba8 74304->74305 74320 7ff76d686cc8 83 API calls 2 library calls 74304->74320 74305->74285 74306->74285 74307->74285 74309 7ff76d696999 74308->74309 74310 7ff76d69697d 74308->74310 74311 7ff76d696a27 74309->74311 74313 7ff76d6969d1 74309->74313 74310->74304 74319 7ff76d686cc8 83 API calls 2 library calls 74310->74319 74322 7ff76d688c38 83 API calls 2 library calls 74311->74322 74321 7ff76d69c0a4 EnterCriticalSection 74313->74321 74319->74304 74320->74305 74322->74310 74323 7ff76d680617 74324 7ff76d680621 74323->74324 74325 7ff76d680a90 89 API calls 74324->74325 74326 7ff76d680630 74325->74326 74327 7ff76d6a5220 _Strcoll 8 API calls 74326->74327 74328 7ff76d68093b 74327->74328 74329 7ff76d64e4e0 74514 7ff76d673360 74329->74514 74332 7ff76d64e53b 74335 7ff76d622bb0 83 API calls 74332->74335 74333 7ff76d64e54c memcpy_s 74334 7ff76d64e560 GetModuleFileNameW 74333->74334 74336 7ff76d64e5a0 74334->74336 74337 7ff76d650a99 74335->74337 74336->74336 74340 7ff76d626990 86 API calls 74336->74340 74338 7ff76d6a5220 _Strcoll 8 API calls 74337->74338 74339 7ff76d650aab 74338->74339 74341 7ff76d64e5be 74340->74341 74341->74341 74342 7ff76d626990 86 API calls 74341->74342 74343 7ff76d64e7cb 74342->74343 74344 7ff76d626c10 86 API calls 74343->74344 74345 7ff76d64e7db 74344->74345 74594 7ff76d634980 90 API calls 74345->74594 74347 7ff76d650add 74349 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74347->74349 74348 7ff76d650ae3 74350 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74348->74350 74349->74348 74353 7ff76d650ae9 74350->74353 74352 7ff76d64e7f9 ISource 74352->74347 74352->74348 74354 7ff76d626990 86 API calls 74352->74354 74442 7ff76d64e8ca ISource 74352->74442 74356 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74353->74356 74355 7ff76d64ea70 74354->74355 74357 7ff76d626c10 86 API calls 74355->74357 74359 7ff76d650aef 74356->74359 74358 7ff76d64ea80 74357->74358 74595 7ff76d634980 90 API calls 74358->74595 74362 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74359->74362 74361 7ff76d6203b0 102 API calls 74380 7ff76d64f99a ISource 74361->74380 74363 7ff76d650af5 74362->74363 74365 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74363->74365 74364 7ff76d650b1f 74367 7ff76d61fb70 91 API calls 74364->74367 74366 7ff76d650afb 74365->74366 74373 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74366->74373 74369 7ff76d650b33 74367->74369 74368 7ff76d64ea9f ISource 74368->74353 74368->74359 74368->74368 74371 7ff76d626990 86 API calls 74368->74371 74368->74442 74378 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74369->74378 74370 7ff76d650b19 74374 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74370->74374 74379 7ff76d64ed0b 74371->74379 74372 7ff76d650ad7 74383 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74372->74383 74381 7ff76d650b01 74373->74381 74374->74364 74375 7ff76d650c18 74382 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74375->74382 74376 7ff76d64f31f ISource 74376->74361 74376->74370 74376->74372 74384 7ff76d650ad1 74376->74384 74389 7ff76d650acb 74376->74389 74377 7ff76d650ac6 74387 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74377->74387 74385 7ff76d650b39 74378->74385 74596 7ff76d61efe0 74379->74596 74380->74364 74380->74369 74392 7ff76d64f9c4 ISource 74380->74392 74397 7ff76d671f20 214 API calls 74380->74397 74393 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74381->74393 74388 7ff76d650c1e 74382->74388 74383->74347 74390 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74384->74390 74395 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74385->74395 74387->74389 74394 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74389->74394 74390->74372 74392->74375 74392->74377 74513 7ff76d64fa6e ISource 74392->74513 74398 7ff76d650b07 74393->74398 74394->74384 74399 7ff76d650b3f 74395->74399 74406 7ff76d64fb69 memcpy_s 74397->74406 74400 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74398->74400 74401 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74399->74401 74402 7ff76d650b0d 74400->74402 74404 7ff76d650b45 74401->74404 74409 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74402->74409 74403 7ff76d622bb0 83 API calls 74403->74392 74410 7ff76d61ea20 2 API calls 74404->74410 74405 7ff76d64ed3d 74407 7ff76d626990 86 API calls 74405->74407 74425 7ff76d64ef22 ISource 74405->74425 74485 7ff76d6508ee 74406->74485 74603 7ff76d654cb0 153 API calls Concurrency::cancel_current_task 74406->74603 74411 7ff76d64eef0 74407->74411 74413 7ff76d650b13 74409->74413 74424 7ff76d650b4b 74410->74424 74414 7ff76d61efe0 86 API calls 74411->74414 74412 7ff76d64fba4 74415 7ff76d64fd3a 74412->74415 74416 7ff76d64fbb3 74412->74416 74419 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74413->74419 74417 7ff76d64ef0b 74414->74417 74415->74404 74420 7ff76d6547b0 86 API calls 74415->74420 74604 7ff76d643610 87 API calls 74416->74604 74600 7ff76d634980 90 API calls 74417->74600 74419->74370 74423 7ff76d64fd71 74420->74423 74422 7ff76d64fc07 74430 7ff76d622bb0 83 API calls 74422->74430 74605 7ff76d638af0 86 API calls 2 library calls 74423->74605 74615 7ff76d61e870 86 API calls 74424->74615 74425->74363 74425->74366 74425->74381 74425->74398 74427 7ff76d626990 86 API calls 74425->74427 74425->74442 74429 7ff76d64f210 74427->74429 74428 7ff76d64fd7d 74606 7ff76d643e70 87 API calls 74428->74606 74433 7ff76d626c10 86 API calls 74429->74433 74434 7ff76d64fc78 74430->74434 74436 7ff76d64f220 74433->74436 74434->74385 74437 7ff76d64fcba ISource 74434->74437 74435 7ff76d650b8f 74438 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 74435->74438 74601 7ff76d634980 90 API calls 74436->74601 74437->74399 74437->74513 74440 7ff76d650ba2 74438->74440 74441 7ff76d61ea20 2 API calls 74440->74441 74445 7ff76d650ba8 74441->74445 74442->74392 74442->74402 74442->74413 74602 7ff76d672c80 88 API calls 74442->74602 74443 7ff76d64fd89 74443->74424 74443->74440 74444 7ff76d6abde8 84 API calls 74443->74444 74446 7ff76d64fe94 74444->74446 74616 7ff76d61eaf0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 74445->74616 74446->74445 74447 7ff76d64ff27 74446->74447 74607 7ff76d6abe58 WideCharToMultiByte WideCharToMultiByte GetLastError WideCharToMultiByte GetLastError 74446->74607 74449 7ff76d6565c0 87 API calls 74447->74449 74450 7ff76d650bb6 74447->74450 74451 7ff76d64ff79 74449->74451 74617 7ff76d61eaf0 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 74450->74617 74456 7ff76d655890 86 API calls 74451->74456 74454 7ff76d64fee9 74454->74445 74457 7ff76d6318d0 86 API calls 74454->74457 74455 7ff76d650bbe 74459 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74455->74459 74470 7ff76d650022 ISource 74456->74470 74458 7ff76d64ff07 74457->74458 74608 7ff76d6abe58 WideCharToMultiByte WideCharToMultiByte GetLastError WideCharToMultiByte GetLastError 74458->74608 74461 7ff76d650bc4 74459->74461 74462 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74461->74462 74463 7ff76d650bca 74462->74463 74464 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74463->74464 74465 7ff76d650bd0 74464->74465 74466 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74465->74466 74467 7ff76d650bd6 74466->74467 74468 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74467->74468 74469 7ff76d650bdc 74468->74469 74473 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74469->74473 74470->74455 74470->74461 74470->74463 74470->74465 74470->74467 74470->74469 74472 7ff76d650be2 74470->74472 74609 7ff76d672750 98 API calls 6 library calls 74470->74609 74475 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74472->74475 74473->74472 74474 7ff76d650823 74613 7ff76d6ac564 98 API calls 3 library calls 74474->74613 74481 7ff76d650be8 74475->74481 74477 7ff76d65083f 74479 7ff76d622bb0 83 API calls 74477->74479 74478 7ff76d6503a3 74478->74474 74486 7ff76d6503fb 74478->74486 74480 7ff76d65084c ISource 74479->74480 74484 7ff76d650c12 74480->74484 74614 7ff76d643610 87 API calls 74480->74614 74483 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74481->74483 74487 7ff76d650bf4 74483->74487 74488 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74484->74488 74485->74403 74486->74481 74610 7ff76d661fc0 86 API calls memcpy_s 74486->74610 74489 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74487->74489 74488->74375 74490 7ff76d650bfa 74489->74490 74493 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74490->74493 74492 7ff76d6504da ISource 74492->74487 74495 7ff76d650558 ISource 74492->74495 74494 7ff76d650c00 74493->74494 74498 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74494->74498 74495->74490 74497 7ff76d6505b8 ISource 74495->74497 74496 7ff76d65048f 74496->74481 74496->74492 74611 7ff76d6ac564 98 API calls 3 library calls 74497->74611 74500 7ff76d650c06 74498->74500 74503 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74500->74503 74501 7ff76d6505f0 74502 7ff76d622bb0 83 API calls 74501->74502 74504 7ff76d65064e 74502->74504 74505 7ff76d650c0c 74503->74505 74504->74494 74506 7ff76d65068b ISource 74504->74506 74508 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74505->74508 74612 7ff76d643610 87 API calls 74506->74612 74508->74484 74509 7ff76d6506f0 74510 7ff76d622bb0 83 API calls 74509->74510 74511 7ff76d650761 74510->74511 74511->74500 74512 7ff76d6507a3 ISource 74511->74512 74512->74505 74512->74513 74513->74332 74515 7ff76d6733be 74514->74515 74516 7ff76d6734a4 74514->74516 74618 7ff76d6a53d0 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 74515->74618 74518 7ff76d673639 74516->74518 74619 7ff76d6a53d0 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 74516->74619 74520 7ff76d61f320 86 API calls 74518->74520 74522 7ff76d6736a8 ISource 74520->74522 74524 7ff76d6203b0 102 API calls 74522->74524 74526 7ff76d673bb3 74522->74526 74533 7ff76d673719 memcpy_s 74524->74533 74528 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74526->74528 74540 7ff76d673bb9 74528->74540 74532 7ff76d673c72 74627 7ff76d61fbe0 91 API calls Concurrency::cancel_current_task 74532->74627 74541 7ff76d680f30 153 API calls 74533->74541 74552 7ff76d673a58 74533->74552 74536 7ff76d67386a ISource 74539 7ff76d6a5220 _Strcoll 8 API calls 74536->74539 74538 7ff76d673bae 74542 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74538->74542 74543 7ff76d64e531 74539->74543 74624 7ff76d61e870 86 API calls 74540->74624 74545 7ff76d673791 74541->74545 74542->74526 74543->74332 74543->74333 74547 7ff76d6739ec 74545->74547 74548 7ff76d6812e0 89 API calls 74545->74548 74546 7ff76d673be3 74550 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 74546->74550 74547->74536 74623 7ff76d643610 87 API calls 74547->74623 74551 7ff76d6737d3 74548->74551 74553 7ff76d673bf7 74550->74553 74554 7ff76d673872 74551->74554 74555 7ff76d6737f0 74551->74555 74552->74532 74552->74536 74552->74538 74625 7ff76d61e870 86 API calls 74553->74625 74559 7ff76d67fb90 86 API calls 74554->74559 74555->74540 74558 7ff76d673821 74555->74558 74557 7ff76d673c20 74561 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 74557->74561 74562 7ff76d67f9d0 90 API calls 74558->74562 74560 7ff76d673886 74559->74560 74564 7ff76d67389d 74560->74564 74565 7ff76d67391f 74560->74565 74567 7ff76d673c34 74561->74567 74563 7ff76d67382e 74562->74563 74620 7ff76d6427f0 87 API calls 74563->74620 74564->74553 74566 7ff76d6738ce 74564->74566 74569 7ff76d67fb90 86 API calls 74565->74569 74570 7ff76d67f9d0 90 API calls 74566->74570 74626 7ff76d61e870 86 API calls 74567->74626 74573 7ff76d673933 74569->74573 74575 7ff76d6738db 74570->74575 74572 7ff76d67385c 74577 7ff76d61f3f0 83 API calls 74572->74577 74574 7ff76d67fb90 86 API calls 74573->74574 74578 7ff76d673942 74574->74578 74621 7ff76d6427f0 87 API calls 74575->74621 74576 7ff76d673c5e 74579 7ff76d6a8404 Concurrency::cancel_current_task 2 API calls 74576->74579 74577->74536 74580 7ff76d655010 87 API calls 74578->74580 74579->74532 74581 7ff76d673952 74580->74581 74581->74567 74584 7ff76d67f9d0 90 API calls 74581->74584 74583 7ff76d673909 74585 7ff76d61f3f0 83 API calls 74583->74585 74586 7ff76d673991 74584->74586 74585->74536 74587 7ff76d631a80 86 API calls 74586->74587 74588 7ff76d6739a1 74587->74588 74589 7ff76d631990 83 API calls 74588->74589 74590 7ff76d6739ba 74589->74590 74622 7ff76d6427f0 87 API calls 74590->74622 74592 7ff76d6739de 74593 7ff76d61f3f0 83 API calls 74592->74593 74593->74547 74594->74352 74595->74368 74597 7ff76d626c10 86 API calls 74596->74597 74598 7ff76d61f000 74597->74598 74599 7ff76d634980 90 API calls 74598->74599 74599->74405 74600->74425 74601->74442 74602->74376 74603->74412 74604->74422 74605->74428 74606->74443 74607->74454 74608->74447 74609->74478 74610->74496 74611->74501 74612->74509 74613->74477 74614->74485 74615->74435 74620->74572 74621->74583 74622->74592 74623->74552 74624->74546 74625->74557 74626->74576 74628 7ff76d679ba0 74649 7ff76d672cc0 74628->74649 74630 7ff76d679be8 GetVolumeInformationW 74632 7ff76d679c76 ISource memcpy_s 74630->74632 74633 7ff76d679c44 74630->74633 74634 7ff76d679c93 74632->74634 74640 7ff76d632230 127 API calls 74632->74640 74633->74632 74635 7ff76d679e0e 74633->74635 74636 7ff76d6a5220 _Strcoll 8 API calls 74634->74636 74637 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74635->74637 74638 7ff76d679df5 74636->74638 74639 7ff76d679e13 74637->74639 74641 7ff76d679d2a 74640->74641 74642 7ff76d6332f0 93 API calls 74641->74642 74643 7ff76d679d63 74642->74643 74644 7ff76d66d900 119 API calls 74643->74644 74645 7ff76d679d9b 74644->74645 74646 7ff76d62fee0 86 API calls 74645->74646 74647 7ff76d679da8 74646->74647 74648 7ff76d62eb50 83 API calls 74647->74648 74648->74634 74662 7ff76d631620 74649->74662 74652 7ff76d672d1f 74654 7ff76d672dcb 74652->74654 74668 7ff76d6ac0fc GetCurrentDirectoryW 74652->74668 74672 7ff76d637380 86 API calls 5 library calls 74652->74672 74657 7ff76d626990 86 API calls 74654->74657 74661 7ff76d672edf 74654->74661 74656 7ff76d672eec 74659 7ff76d672e3f 74657->74659 74658 7ff76d672ea8 ISource 74658->74630 74659->74658 74660 7ff76d688d28 _invalid_parameter_noinfo_noreturn 83 API calls 74659->74660 74660->74661 74673 7ff76d61fa60 86 API calls 2 library calls 74661->74673 74663 7ff76d631650 74662->74663 74664 7ff76d631635 74662->74664 74665 7ff76d631662 74663->74665 74674 7ff76d637380 86 API calls 5 library calls 74663->74674 74664->74652 74665->74652 74667 7ff76d6316a3 74667->74652 74669 7ff76d6ac11d GetLastError 74668->74669 74670 7ff76d6ac10e 74668->74670 74671 7ff76d6ac112 74669->74671 74670->74669 74670->74671 74671->74652 74672->74652 74673->74656 74674->74667 74675 7ff76d672fa0 74676 7ff76d672fd0 74675->74676 74677 7ff76d6ac138 102 API calls 74676->74677 74678 7ff76d672fe9 74677->74678 74679 7ff76d6a5220 _Strcoll 8 API calls 74678->74679 74680 7ff76d673026 74679->74680

                                Executed Functions

                                Function 00007FF76D64E4E0 Relevance: 84.2, APIs: 36, Strings: 11, Instructions: 1962COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: FileModuleName
                                • String ID: $ --key "$" --type $APPB:$File.exe$cmd /c ""$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$status$6
                                • API String ID: 514040917-1525073170
                                • Opcode ID: fc81f2bb7d1c1a65adef5553010c1d07be3fd6c174a5f1a4ed69ab811980d5f5
                                • Instruction ID: 45efc94292c639f2259578d40a3266a511e58624d5d95cbd7a100f554c97877f
                                • Opcode Fuzzy Hash: fc81f2bb7d1c1a65adef5553010c1d07be3fd6c174a5f1a4ed69ab811980d5f5
                                • Instruction Fuzzy Hash: B5238372E29BC5C9DB609F29E8443EDA361FB85798F405235EA9D07B99EF78D180C310
                                Function 00007FF76D679310 Relevance: 59.9, APIs: 33, Strings: 1, Instructions: 374windowCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 519 7ff76d679310-7ff76d679459 GetSystemMetrics * 4 GetDC GetDeviceCaps * 2 CreateCompatibleDC CreateCompatibleBitmap SelectObject BitBlt SHCreateMemStream 520 7ff76d679523-7ff76d6795ad call 7ff76d671970 EnterCriticalSection LeaveCriticalSection GetObjectW 519->520 521 7ff76d67945f-7ff76d6794b1 SelectObject DeleteDC ReleaseDC DeleteObject 519->521 532 7ff76d67960f-7ff76d67962a 520->532 533 7ff76d6795af-7ff76d6795f5 520->533 523 7ff76d6794b3-7ff76d6794c4 521->523 524 7ff76d6794f0-7ff76d679522 call 7ff76d6a5220 521->524 527 7ff76d6794c6-7ff76d6794d9 523->527 528 7ff76d6794df call 7ff76d6a5240 523->528 527->528 529 7ff76d6798c3-7ff76d6798c8 call 7ff76d688d28 527->529 534 7ff76d6794e4-7ff76d6794eb 528->534 536 7ff76d67962e-7ff76d679679 call 7ff76d671b00 IStream_Size IStream_Reset 532->536 533->536 537 7ff76d6795f7-7ff76d67960d 533->537 534->524 541 7ff76d67967b-7ff76d679683 536->541 542 7ff76d679685 536->542 537->536 543 7ff76d6796ba-7ff76d679769 IStream_Read call 7ff76d6a7bf0 call 7ff76d62ffc0 call 7ff76d6547b0 SelectObject DeleteDC ReleaseDC DeleteObject 541->543 542->543 544 7ff76d679687-7ff76d679691 542->544 559 7ff76d67976b-7ff76d679778 543->559 560 7ff76d679798-7ff76d67979a 543->560 545 7ff76d679693-7ff76d67969f call 7ff76d684640 544->545 546 7ff76d6796a1-7ff76d6796b2 call 7ff76d6a7bf0 544->546 553 7ff76d6796b6 545->553 546->553 553->543 559->560 561 7ff76d67977a-7ff76d679796 559->561 562 7ff76d67979c-7ff76d6797a9 560->562 563 7ff76d6797c7-7ff76d6797cb 560->563 564 7ff76d6797d0-7ff76d6797d3 561->564 562->563 565 7ff76d6797ab-7ff76d6797c5 562->565 563->564 566 7ff76d6797dd-7ff76d679818 call 7ff76d62eb50 564->566 567 7ff76d6797d5-7ff76d6797d8 call 7ff76d6333a0 564->567 565->564 571 7ff76d67983e-7ff76d679854 call 7ff76d671970 EnterCriticalSection 566->571 572 7ff76d67981a-7ff76d679838 DeleteObject 566->572 567->566 575 7ff76d67987b-7ff76d67988d LeaveCriticalSection 571->575 576 7ff76d679856-7ff76d679866 EnterCriticalSection 571->576 572->571 575->524 579 7ff76d679893-7ff76d6798a4 575->579 577 7ff76d67986e-7ff76d679875 LeaveCriticalSection 576->577 578 7ff76d679868 GdiplusShutdown 576->578 577->575 578->577 579->528 580 7ff76d6798aa-7ff76d6798bd 579->580 580->528 580->529
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Object$CriticalSection$Delete$MetricsSystem$CreateEnterLeaveSelectStream_$CapsCompatibleDeviceRelease$BitmapGdiplusReadResetShutdownSizeStream_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 1635401455-3916222277
                                • Opcode ID: b5f24d296b0fa790928331ca9ed313377f52b33d4ae334aa395d37e96a61b700
                                • Instruction ID: 2b4d659568b778c87d8d84fcda4fe66a392363842fd3c7409cc965f8b3560046
                                • Opcode Fuzzy Hash: b5f24d296b0fa790928331ca9ed313377f52b33d4ae334aa395d37e96a61b700
                                • Instruction Fuzzy Hash: 7C027072A28B81CAE720DF75D8442A9B3A2FB497D8F904236EA5D47B58EF3CD444C710
                                Function 00007FF76D64BAF0 Relevance: 54.6, APIs: 22, Strings: 8, Instructions: 2081COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$__std_fs_convert_wide_to_narrow
                                • String ID: cannot use push_back() with $content$directory_iterator::directory_iterator$exists$filename$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                • API String ID: 972399972-4250644884
                                • Opcode ID: b425a50d82dcc6c52e39234fdad33192eaad0e5e086318b9b7a9dfd40cb98d37
                                • Instruction ID: c7d1eb88ad3967f0d346d23c775f69df8e125be4754c9ae3e9432e69cbe35d9e
                                • Opcode Fuzzy Hash: b425a50d82dcc6c52e39234fdad33192eaad0e5e086318b9b7a9dfd40cb98d37
                                • Instruction Fuzzy Hash: 27235E62A2DBC2C1DA30EB14E4543EAB362FBC5794F849236D68D43A99EF7CD144CB50
                                Function 00007FF76D67BA60 Relevance: 50.4, APIs: 19, Strings: 9, Instructions: 1387COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1289 7ff76d67ba60-7ff76d67bf29 call 7ff76d679ef0 call 7ff76d679e20 call 7ff76d679fb0 call 7ff76d679a60 call 7ff76d679b00 call 7ff76d67b750 call 7ff76d6798d0 call 7ff76d6442c0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 call 7ff76d6442c0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 call 7ff76d6442c0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 call 7ff76d6442c0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 GlobalMemoryStatusEx 1352 7ff76d67bf2b-7ff76d67bf30 1289->1352 1353 7ff76d67bf32-7ff76d67bf43 1289->1353 1354 7ff76d67bf47-7ff76d67c27d call 7ff76d632e00 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 call 7ff76d6442c0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 call 7ff76d6442c0 call 7ff76d621d20 call 7ff76d630ac0 1352->1354 1353->1354 1385 7ff76d67c280-7ff76d67c288 1354->1385 1385->1385 1386 7ff76d67c28a-7ff76d67c2f6 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 call 7ff76d679310 1385->1386 1395 7ff76d67c2fb-7ff76d67c40f call 7ff76d6340b0 call 7ff76d634380 call 7ff76d621d20 call 7ff76d630ac0 1386->1395 1396 7ff76d67c2f8 1386->1396 1405 7ff76d67c410-7ff76d67c418 1395->1405 1396->1395 1405->1405 1406 7ff76d67c41a-7ff76d67c473 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 1405->1406 1413 7ff76d67c4a9-7ff76d67c4cb 1406->1413 1414 7ff76d67c475-7ff76d67c489 1406->1414 1415 7ff76d67c4cd-7ff76d67c4e1 1413->1415 1416 7ff76d67c501-7ff76d67c699 call 7ff76d679140 call 7ff76d634380 call 7ff76d621d20 call 7ff76d630ac0 1413->1416 1417 7ff76d67c48b-7ff76d67c49e 1414->1417 1418 7ff76d67c4a4 call 7ff76d6a5240 1414->1418 1420 7ff76d67c4fc call 7ff76d6a5240 1415->1420 1421 7ff76d67c4e3-7ff76d67c4f6 1415->1421 1442 7ff76d67c6a0-7ff76d67c6a8 1416->1442 1417->1418 1423 7ff76d67d3b3-7ff76d67d3b8 call 7ff76d688d28 1417->1423 1418->1413 1420->1416 1421->1420 1424 7ff76d67d3b9-7ff76d67d3be call 7ff76d688d28 1421->1424 1423->1424 1434 7ff76d67d3bf-7ff76d67d3c4 call 7ff76d688d28 1424->1434 1439 7ff76d67d3c5-7ff76d67d3ca call 7ff76d688d28 1434->1439 1446 7ff76d67d3cb-7ff76d67d3d0 call 7ff76d688d28 1439->1446 1442->1442 1443 7ff76d67c6aa-7ff76d67c6fd call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 1442->1443 1457 7ff76d67c733-7ff76d67c7b0 call 7ff76d68f67c call 7ff76d69067c call 7ff76d690a88 1443->1457 1458 7ff76d67c6ff-7ff76d67c713 1443->1458 1452 7ff76d67d3d1-7ff76d67d3d6 call 7ff76d688d28 1446->1452 1459 7ff76d67d3d7-7ff76d67d3dc call 7ff76d688d28 1452->1459 1475 7ff76d67c7b3-7ff76d67c7bb 1457->1475 1460 7ff76d67c72e call 7ff76d6a5240 1458->1460 1461 7ff76d67c715-7ff76d67c728 1458->1461 1468 7ff76d67d3dd-7ff76d67d3e2 call 7ff76d688d28 1459->1468 1460->1457 1461->1434 1461->1460 1474 7ff76d67d3e3-7ff76d67d3e8 call 7ff76d688d28 1468->1474 1480 7ff76d67d3e9-7ff76d67d3ee call 7ff76d688d28 1474->1480 1475->1475 1477 7ff76d67c7bd-7ff76d67c8d5 call 7ff76d621d20 call 7ff76d634380 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 1475->1477 1507 7ff76d67c90b-7ff76d67c96d call 7ff76d6a7bf0 GetModuleFileNameA 1477->1507 1508 7ff76d67c8d7-7ff76d67c8eb 1477->1508 1486 7ff76d67d3ef-7ff76d67d3f4 call 7ff76d688d28 1480->1486 1492 7ff76d67d3f5-7ff76d67d3fa call 7ff76d688d28 1486->1492 1498 7ff76d67d3fb-7ff76d67d400 call 7ff76d688d28 1492->1498 1504 7ff76d67d401-7ff76d67d406 call 7ff76d688d28 1498->1504 1512 7ff76d67d407-7ff76d67d40f call 7ff76d688d28 1504->1512 1518 7ff76d67c970-7ff76d67c978 1507->1518 1510 7ff76d67c8ed-7ff76d67c900 1508->1510 1511 7ff76d67c906 call 7ff76d6a5240 1508->1511 1510->1439 1510->1511 1511->1507 1518->1518 1519 7ff76d67c97a-7ff76d67cab9 call 7ff76d621d20 call 7ff76d6340b0 call 7ff76d634380 call 7ff76d621d20 call 7ff76d630ac0 1518->1519 1530 7ff76d67cac0-7ff76d67cac8 1519->1530 1530->1530 1531 7ff76d67caca-7ff76d67cb2b call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 1530->1531 1538 7ff76d67cb2d-7ff76d67cb41 1531->1538 1539 7ff76d67cb61-7ff76d67cb89 1531->1539 1542 7ff76d67cb5c call 7ff76d6a5240 1538->1542 1543 7ff76d67cb43-7ff76d67cb56 1538->1543 1540 7ff76d67cbbc-7ff76d67cbef call 7ff76d67adb0 1539->1540 1541 7ff76d67cb8b-7ff76d67cb9c 1539->1541 1550 7ff76d67cbf4-7ff76d67ccfc call 7ff76d6340b0 call 7ff76d634380 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 1540->1550 1551 7ff76d67cbf1 1540->1551 1545 7ff76d67cb9e-7ff76d67cbb1 1541->1545 1546 7ff76d67cbb7 call 7ff76d6a5240 1541->1546 1542->1539 1543->1446 1543->1542 1545->1452 1545->1546 1546->1540 1566 7ff76d67ccfe-7ff76d67cd0f 1550->1566 1567 7ff76d67cd2f-7ff76d67cd4b 1550->1567 1551->1550 1568 7ff76d67cd2a call 7ff76d6a5240 1566->1568 1569 7ff76d67cd11-7ff76d67cd24 1566->1569 1570 7ff76d67cd4d-7ff76d67cd61 1567->1570 1571 7ff76d67cd81-7ff76d67cebe call 7ff76d6340b0 call 7ff76d634380 call 7ff76d621d20 call 7ff76d630ac0 1567->1571 1568->1567 1569->1459 1569->1568 1574 7ff76d67cd7c call 7ff76d6a5240 1570->1574 1575 7ff76d67cd63-7ff76d67cd76 1570->1575 1584 7ff76d67cec0-7ff76d67cec7 1571->1584 1574->1571 1575->1468 1575->1574 1584->1584 1585 7ff76d67cec9-7ff76d67cf1e call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 1584->1585 1592 7ff76d67cf51-7ff76d67cf74 1585->1592 1593 7ff76d67cf20-7ff76d67cf31 1585->1593 1596 7ff76d67cf7a-7ff76d67d043 call 7ff76d6442c0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 1592->1596 1597 7ff76d67d048-7ff76d67d0fd call 7ff76d632620 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 1592->1597 1594 7ff76d67cf4c call 7ff76d6a5240 1593->1594 1595 7ff76d67cf33-7ff76d67cf46 1593->1595 1594->1592 1595->1474 1595->1594 1619 7ff76d67d102-7ff76d67d11d call 7ff76d632e00 1596->1619 1597->1619 1622 7ff76d67d153-7ff76d67d177 1619->1622 1623 7ff76d67d11f-7ff76d67d133 1619->1623 1626 7ff76d67d1ad-7ff76d67d1cf 1622->1626 1627 7ff76d67d179-7ff76d67d18d 1622->1627 1624 7ff76d67d14e call 7ff76d6a5240 1623->1624 1625 7ff76d67d135-7ff76d67d148 1623->1625 1624->1622 1625->1480 1625->1624 1631 7ff76d67d205-7ff76d67d227 1626->1631 1632 7ff76d67d1d1-7ff76d67d1e5 1626->1632 1629 7ff76d67d1a8 call 7ff76d6a5240 1627->1629 1630 7ff76d67d18f-7ff76d67d1a2 1627->1630 1629->1626 1630->1486 1630->1629 1633 7ff76d67d25d-7ff76d67d27f 1631->1633 1634 7ff76d67d229-7ff76d67d23d 1631->1634 1636 7ff76d67d1e7-7ff76d67d1fa 1632->1636 1637 7ff76d67d200 call 7ff76d6a5240 1632->1637 1640 7ff76d67d2b5-7ff76d67d2d7 1633->1640 1641 7ff76d67d281-7ff76d67d295 1633->1641 1638 7ff76d67d258 call 7ff76d6a5240 1634->1638 1639 7ff76d67d23f-7ff76d67d252 1634->1639 1636->1492 1636->1637 1637->1631 1638->1633 1639->1498 1639->1638 1646 7ff76d67d30d-7ff76d67d32f 1640->1646 1647 7ff76d67d2d9-7ff76d67d2ed 1640->1647 1644 7ff76d67d297-7ff76d67d2aa 1641->1644 1645 7ff76d67d2b0 call 7ff76d6a5240 1641->1645 1644->1504 1644->1645 1645->1640 1651 7ff76d67d361-7ff76d67d3ac call 7ff76d6a5220 1646->1651 1652 7ff76d67d331-7ff76d67d345 1646->1652 1649 7ff76d67d308 call 7ff76d6a5240 1647->1649 1650 7ff76d67d2ef-7ff76d67d302 1647->1650 1649->1646 1650->1512 1650->1649 1653 7ff76d67d35c call 7ff76d6a5240 1652->1653 1654 7ff76d67d347-7ff76d67d35a 1652->1654 1653->1651 1654->1653 1657 7ff76d67d3ad-7ff76d67d3b2 call 7ff76d688d28 1654->1657 1657->1423
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Name$ComputerDevicesDisplayEnumFileGlobalMemoryModuleStatusUserValuewcsftime
                                • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                • API String ID: 3508509583-1182675529
                                • Opcode ID: 33fd77bb17ad21160df8aa85449941a91be0ba10db99b9be6800edfbca8bac3c
                                • Instruction ID: eb1a3b7d43b4c2745b08f4b95cbc751759b4a491479f0a683e12ba18baf2fa5d
                                • Opcode Fuzzy Hash: 33fd77bb17ad21160df8aa85449941a91be0ba10db99b9be6800edfbca8bac3c
                                • Instruction Fuzzy Hash: 15E28122A28BC5C9D720DF35E8402ED7762FB85788F909635DA8D47B99EF78D284C710
                                Function 00007FF76D6677F0 Relevance: 39.1, APIs: 18, Strings: 4, Instructions: 585COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1662 7ff76d6677f0-7ff76d667823 1663 7ff76d667855-7ff76d66787a call 7ff76d6a5240 1662->1663 1664 7ff76d667825 1662->1664 1669 7ff76d66787c 1663->1669 1670 7ff76d6678a5-7ff76d6678c9 call 7ff76d6a5240 1663->1670 1666 7ff76d667830-7ff76d667853 call 7ff76d66d6d0 call 7ff76d6a5240 1664->1666 1666->1663 1673 7ff76d667880-7ff76d6678a3 call 7ff76d66d6d0 call 7ff76d6a5240 1669->1673 1679 7ff76d6678cb 1670->1679 1680 7ff76d6678e5-7ff76d667902 call 7ff76d6a5240 1670->1680 1673->1670 1683 7ff76d6678d0-7ff76d6678e3 call 7ff76d6a5240 1679->1683 1688 7ff76d667938-7ff76d667968 1680->1688 1689 7ff76d667904-7ff76d667915 1680->1689 1683->1680 1692 7ff76d66796a 1688->1692 1693 7ff76d667995-7ff76d6679c8 call 7ff76d6a5240 call 7ff76d668a90 * 2 1688->1693 1690 7ff76d667917-7ff76d66792a 1689->1690 1691 7ff76d667933 call 7ff76d6a5240 1689->1691 1695 7ff76d667bb4-7ff76d667bb9 call 7ff76d688d28 1690->1695 1696 7ff76d667930 1690->1696 1691->1688 1698 7ff76d667970-7ff76d667993 call 7ff76d66d6d0 call 7ff76d6a5240 1692->1698 1713 7ff76d6679fe-7ff76d667a22 1693->1713 1714 7ff76d6679ca-7ff76d6679db 1693->1714 1706 7ff76d667bba-7ff76d667bbf call 7ff76d688d28 1695->1706 1696->1691 1698->1693 1715 7ff76d667bc0-7ff76d667bc5 call 7ff76d688d28 1706->1715 1719 7ff76d667a58-7ff76d667a79 1713->1719 1720 7ff76d667a24-7ff76d667a35 1713->1720 1716 7ff76d6679dd-7ff76d6679f0 1714->1716 1717 7ff76d6679f9 call 7ff76d6a5240 1714->1717 1734 7ff76d667bc6-7ff76d667bcb call 7ff76d688d28 1715->1734 1716->1706 1723 7ff76d6679f6 1716->1723 1717->1713 1721 7ff76d667aac-7ff76d667ac4 1719->1721 1722 7ff76d667a7b-7ff76d667a89 1719->1722 1726 7ff76d667a37-7ff76d667a4a 1720->1726 1727 7ff76d667a53 call 7ff76d6a5240 1720->1727 1732 7ff76d667af7-7ff76d667b0f 1721->1732 1733 7ff76d667ac6-7ff76d667ad4 1721->1733 1730 7ff76d667a8b-7ff76d667a9e 1722->1730 1731 7ff76d667aa7 call 7ff76d6a5240 1722->1731 1723->1717 1726->1715 1728 7ff76d667a50 1726->1728 1727->1719 1728->1727 1730->1734 1737 7ff76d667aa4 1730->1737 1731->1721 1735 7ff76d667b3e-7ff76d667b56 1732->1735 1736 7ff76d667b11-7ff76d667b1f 1732->1736 1739 7ff76d667ad6-7ff76d667ae9 1733->1739 1740 7ff76d667af2 call 7ff76d6a5240 1733->1740 1746 7ff76d667bcc-7ff76d667c13 call 7ff76d688d28 call 7ff76d672ac0 1734->1746 1744 7ff76d667b58-7ff76d667b65 1735->1744 1745 7ff76d667b84-7ff76d667ba7 1735->1745 1742 7ff76d667b39 call 7ff76d6a5240 1736->1742 1743 7ff76d667b21-7ff76d667b34 1736->1743 1737->1731 1739->1746 1747 7ff76d667aef 1739->1747 1740->1732 1742->1735 1750 7ff76d667ba8-7ff76d667bad call 7ff76d688d28 1743->1750 1751 7ff76d667b36 1743->1751 1753 7ff76d667b67-7ff76d667b7a 1744->1753 1754 7ff76d667b7f call 7ff76d6a5240 1744->1754 1766 7ff76d667c45-7ff76d667d4c call 7ff76d6a7bf0 call 7ff76d621d20 1746->1766 1767 7ff76d667c15-7ff76d667c3e call 7ff76d672ef0 call 7ff76d67e0a0 call 7ff76d631740 ExitProcess 1746->1767 1747->1740 1758 7ff76d667bae-7ff76d667bb3 call 7ff76d688d28 1750->1758 1751->1742 1757 7ff76d667b7c 1753->1757 1753->1758 1754->1745 1757->1754 1758->1695 1777 7ff76d667d50-7ff76d667d58 1766->1777 1777->1777 1778 7ff76d667d5a-7ff76d667dda call 7ff76d621d20 call 7ff76d664ef0 call 7ff76d66be40 call 7ff76d66afb0 1777->1778 1788 7ff76d667ddc-7ff76d667dee 1778->1788 1789 7ff76d667e0e-7ff76d667ee3 call 7ff76d66be40 call 7ff76d66c030 call 7ff76d66c0b0 call 7ff76d690120 call 7ff76d690118 call 7ff76d6655d0 call 7ff76d632590 call 7ff76d66c1c0 1778->1789 1790 7ff76d667e09 call 7ff76d6a5240 1788->1790 1791 7ff76d667df0-7ff76d667e03 1788->1791 1819 7ff76d667fce-7ff76d66805e call 7ff76d67b750 call 7ff76d654e60 1789->1819 1820 7ff76d667ee9-7ff76d667f32 call 7ff76d631bd0 call 7ff76d66c2b0 call 7ff76d6318c0 1789->1820 1790->1789 1791->1790 1793 7ff76d668257-7ff76d66825c call 7ff76d688d28 1791->1793 1801 7ff76d66825d-7ff76d668262 call 7ff76d688d28 1793->1801 1807 7ff76d668263-7ff76d668268 call 7ff76d688d28 1801->1807 1830 7ff76d668095-7ff76d6680d8 OpenMutexA 1819->1830 1831 7ff76d668060-7ff76d668075 1819->1831 1838 7ff76d667f38-7ff76d667f60 call 7ff76d65f820 call 7ff76d631320 1820->1838 1839 7ff76d667fc5-7ff76d667fc7 ExitProcess 1820->1839 1835 7ff76d6680da-7ff76d6680df ExitProcess 1830->1835 1836 7ff76d6680e6-7ff76d668126 CreateMutexExA call 7ff76d660970 call 7ff76d673030 1830->1836 1832 7ff76d668077-7ff76d66808a 1831->1832 1833 7ff76d668090 call 7ff76d6a5240 1831->1833 1832->1801 1832->1833 1833->1830 1848 7ff76d668128-7ff76d66812d ExitProcess 1836->1848 1849 7ff76d668134-7ff76d66818e call 7ff76d67ba60 call 7ff76d62d510 call 7ff76d62e5a0 call 7ff76d62ec50 call 7ff76d62fa60 call 7ff76d62c9c0 call 7ff76d6514c0 call 7ff76d6541a0 call 7ff76d622c20 call 7ff76d62ae00 call 7ff76d629820 call 7ff76d670550 call 7ff76d62bee0 call 7ff76d627810 call 7ff76d624ad0 call 7ff76d627b00 call 7ff76d678210 1836->1849 1850 7ff76d667fb8-7ff76d667fc0 call 7ff76d622b10 1838->1850 1851 7ff76d667f62-7ff76d667fb7 call 7ff76d6352c0 call 7ff76d631300 call 7ff76d661e50 call 7ff76d6352a0 call 7ff76d631290 call 7ff76d631990 1838->1851 1899 7ff76d668193-7ff76d6681a3 call 7ff76d662b90 1849->1899 1850->1839 1851->1850 1903 7ff76d6681b7-7ff76d6681be 1899->1903 1904 7ff76d6681a5-7ff76d6681b1 ReleaseMutex CloseHandle 1899->1904 1905 7ff76d6681c6-7ff76d6681d2 1903->1905 1906 7ff76d6681c0-7ff76d6681c5 call 7ff76d668270 1903->1906 1904->1903 1908 7ff76d668205-7ff76d668256 call 7ff76d6677f0 call 7ff76d6a5220 1905->1908 1909 7ff76d6681d4-7ff76d6681e9 1905->1909 1906->1905 1911 7ff76d6681eb-7ff76d6681fe 1909->1911 1912 7ff76d668200 call 7ff76d6a5240 1909->1912 1911->1807 1911->1912 1912->1908
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: --key$--type$1.0$APPB:
                                • API String ID: 0-155154914
                                • Opcode ID: 37530bec965e337c4374fe987a11795c6172ab59ef2ccda900970f72c56cccd3
                                • Instruction ID: 932ab3ad39a7629202e49648f6b6fbd33f635758eb7a37560dbf22a270e91cae
                                • Opcode Fuzzy Hash: 37530bec965e337c4374fe987a11795c6172ab59ef2ccda900970f72c56cccd3
                                • Instruction Fuzzy Hash: 2D429232E2CAC6D1EA14EB65E4503EEE362FB857C0F805135D68D13A9AEF7CE4948711
                                Function 00007FF76D62D510 Relevance: 35.9, APIs: 17, Strings: 3, Instructions: 864libraryloaderCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1918 7ff76d62d510-7ff76d62d600 LoadLibraryA 1919 7ff76d62e4b7-7ff76d62e4c1 1918->1919 1920 7ff76d62d606-7ff76d62d9bf GetProcAddress * 6 1918->1920 1922 7ff76d62e4d0-7ff76d62e4d3 1919->1922 1923 7ff76d62e4c3-7ff76d62e4c5 1919->1923 1920->1919 1921 7ff76d62d9c5-7ff76d62d9c8 1920->1921 1921->1919 1926 7ff76d62d9ce-7ff76d62d9d1 1921->1926 1924 7ff76d62e4de-7ff76d62e50d call 7ff76d6a5220 1922->1924 1925 7ff76d62e4d5-7ff76d62e4d8 FreeLibrary 1922->1925 1923->1922 1925->1924 1926->1919 1929 7ff76d62d9d7-7ff76d62d9da 1926->1929 1929->1919 1931 7ff76d62d9e0-7ff76d62d9e3 1929->1931 1931->1919 1932 7ff76d62d9e9-7ff76d62d9ec 1931->1932 1932->1919 1933 7ff76d62d9f2-7ff76d62da00 1932->1933 1934 7ff76d62da04-7ff76d62da06 1933->1934 1934->1919 1935 7ff76d62da0c-7ff76d62da18 1934->1935 1935->1919 1936 7ff76d62da1e 1935->1936 1937 7ff76d62da23-7ff76d62da3e 1936->1937 1939 7ff76d62e49e-7ff76d62e4aa 1937->1939 1940 7ff76d62da44-7ff76d62da62 1937->1940 1939->1937 1941 7ff76d62e4b0 1939->1941 1940->1939 1943 7ff76d62da68-7ff76d62da7a 1940->1943 1941->1919 1944 7ff76d62da80 1943->1944 1945 7ff76d62e485-7ff76d62e497 1943->1945 1946 7ff76d62da84-7ff76d62dad5 call 7ff76d6a54e0 1944->1946 1945->1939 1951 7ff76d62dadb-7ff76d62dae2 1946->1951 1952 7ff76d62dd54 1946->1952 1951->1952 1953 7ff76d62dae8-7ff76d62dbdb call 7ff76d661a40 call 7ff76d6340b0 call 7ff76d634380 1951->1953 1954 7ff76d62dd56-7ff76d62dd5d 1952->1954 1979 7ff76d62dbe2-7ff76d62dbea 1953->1979 1956 7ff76d62dd63-7ff76d62dd6a 1954->1956 1957 7ff76d62dfd4-7ff76d62e010 1954->1957 1956->1957 1958 7ff76d62dd70-7ff76d62de5e call 7ff76d661a40 call 7ff76d6340b0 call 7ff76d634380 1956->1958 1965 7ff76d62e2a7-7ff76d62e2a9 1957->1965 1966 7ff76d62e016-7ff76d62e024 1957->1966 1991 7ff76d62de65-7ff76d62de6d 1958->1991 1971 7ff76d62e457-7ff76d62e46d call 7ff76d630120 1965->1971 1972 7ff76d62e2af-7ff76d62e3d4 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 call 7ff76d6a54e0 call 7ff76d64a460 1965->1972 1969 7ff76d62e02a-7ff76d62e031 1966->1969 1970 7ff76d62e2a0-7ff76d62e2a3 1966->1970 1969->1970 1977 7ff76d62e037-7ff76d62e12c call 7ff76d661a40 call 7ff76d6340b0 call 7ff76d634380 1969->1977 1970->1965 1975 7ff76d62e2a5 1970->1975 1986 7ff76d62da82 1971->1986 1987 7ff76d62e473-7ff76d62e47e 1971->1987 2064 7ff76d62e3e0-7ff76d62e3f9 call 7ff76d632620 1972->2064 2065 7ff76d62e3d6-7ff76d62e3d8 1972->2065 1975->1965 2008 7ff76d62e130-7ff76d62e137 1977->2008 1979->1979 1984 7ff76d62dbec-7ff76d62dc46 call 7ff76d621d20 call 7ff76d6355e0 call 7ff76d632e00 1979->1984 2015 7ff76d62dc79-7ff76d62dca3 1984->2015 2016 7ff76d62dc48-7ff76d62dc59 1984->2016 1986->1946 1987->1945 1991->1991 1995 7ff76d62de6f-7ff76d62dec8 call 7ff76d621d20 call 7ff76d6355e0 call 7ff76d632e00 1991->1995 2034 7ff76d62deca-7ff76d62dedb 1995->2034 2035 7ff76d62defb-7ff76d62df25 1995->2035 2008->2008 2013 7ff76d62e139-7ff76d62e192 call 7ff76d621d20 call 7ff76d6355e0 call 7ff76d632e00 2008->2013 2073 7ff76d62e1c5-7ff76d62e1ee 2013->2073 2074 7ff76d62e194-7ff76d62e1a5 2013->2074 2019 7ff76d62dcdb-7ff76d62dd01 2015->2019 2020 7ff76d62dca5-7ff76d62dcb9 2015->2020 2022 7ff76d62dc5b-7ff76d62dc6e 2016->2022 2023 7ff76d62dc74 call 7ff76d6a5240 2016->2023 2030 7ff76d62dd39-7ff76d62dd52 2019->2030 2031 7ff76d62dd03-7ff76d62dd17 2019->2031 2027 7ff76d62dcbb-7ff76d62dcce 2020->2027 2028 7ff76d62dcd4-7ff76d62dcd9 call 7ff76d6a5240 2020->2028 2022->2023 2032 7ff76d62e56c-7ff76d62e571 call 7ff76d688d28 2022->2032 2023->2015 2027->2028 2039 7ff76d62e572-7ff76d62e577 call 7ff76d688d28 2027->2039 2028->2019 2030->1954 2045 7ff76d62dd19-7ff76d62dd2c 2031->2045 2046 7ff76d62dd32-7ff76d62dd37 call 7ff76d6a5240 2031->2046 2032->2039 2036 7ff76d62dedd-7ff76d62def0 2034->2036 2037 7ff76d62def6 call 7ff76d6a5240 2034->2037 2042 7ff76d62df27-7ff76d62df3b 2035->2042 2043 7ff76d62df5d-7ff76d62df83 2035->2043 2036->2037 2047 7ff76d62e57e-7ff76d62e583 call 7ff76d688d28 2036->2047 2037->2035 2055 7ff76d62e578-7ff76d62e57d call 7ff76d688d28 2039->2055 2052 7ff76d62df3d-7ff76d62df50 2042->2052 2053 7ff76d62df56-7ff76d62df5b call 7ff76d6a5240 2042->2053 2057 7ff76d62dfbb-7ff76d62dfcd 2043->2057 2058 7ff76d62df85-7ff76d62df99 2043->2058 2045->2046 2045->2055 2046->2030 2066 7ff76d62e584-7ff76d62e589 call 7ff76d688d28 2047->2066 2052->2053 2052->2066 2053->2043 2055->2047 2057->1957 2068 7ff76d62df9b-7ff76d62dfae 2058->2068 2069 7ff76d62dfb4-7ff76d62dfb9 call 7ff76d6a5240 2058->2069 2086 7ff76d62e3fd-7ff76d62e409 2064->2086 2075 7ff76d62e3de 2065->2075 2076 7ff76d62e514-7ff76d62e565 call 7ff76d6327e0 call 7ff76d636310 call 7ff76d6363e0 call 7ff76d6a8404 2065->2076 2079 7ff76d62e58a-7ff76d62e58f call 7ff76d688d28 2066->2079 2068->2069 2068->2079 2069->2057 2087 7ff76d62e1f0-7ff76d62e204 2073->2087 2088 7ff76d62e224-7ff76d62e24a 2073->2088 2083 7ff76d62e1a7-7ff76d62e1ba 2074->2083 2084 7ff76d62e1c0 call 7ff76d6a5240 2074->2084 2075->2086 2110 7ff76d62e566-7ff76d62e56b call 7ff76d688d28 2076->2110 2092 7ff76d62e590-7ff76d62e595 call 7ff76d688d28 2079->2092 2083->2084 2083->2092 2084->2073 2097 7ff76d62e40b-7ff76d62e42e 2086->2097 2098 7ff76d62e430-7ff76d62e43a call 7ff76d63b840 2086->2098 2095 7ff76d62e21f call 7ff76d6a5240 2087->2095 2096 7ff76d62e206-7ff76d62e219 2087->2096 2100 7ff76d62e24c-7ff76d62e260 2088->2100 2101 7ff76d62e280-7ff76d62e299 2088->2101 2095->2088 2096->2095 2103 7ff76d62e50e-7ff76d62e513 call 7ff76d688d28 2096->2103 2105 7ff76d62e43f-7ff76d62e450 call 7ff76d632e00 2097->2105 2098->2105 2108 7ff76d62e27b call 7ff76d6a5240 2100->2108 2109 7ff76d62e262-7ff76d62e275 2100->2109 2101->1970 2103->2076 2105->1971 2108->2101 2109->2108 2109->2110 2110->2032
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$AddressProc$Library$FreeLoad
                                • String ID: cannot use push_back() with $system$vault
                                • API String ID: 2463004387-1741236777
                                • Opcode ID: 1ea414b87033da06aa110d05bf6cdcd166eecbfa065522dcbb495f8999a22835
                                • Instruction ID: b11bedcfc6b139c8a517c251e13b484493c84ab336d3d11c7de0c4f8fff5ba9a
                                • Opcode Fuzzy Hash: 1ea414b87033da06aa110d05bf6cdcd166eecbfa065522dcbb495f8999a22835
                                • Instruction Fuzzy Hash: 72926B32A19BC58ADB609F25E8403EDB3B5F789798F504235EA9C57B99EF78C244C700
                                Function 00007FF76D651A80 Relevance: 28.6, APIs: 11, Strings: 5, Instructions: 571COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2125 7ff76d651a80-7ff76d652394 call 7ff76d6203b0 * 2 2133 7ff76d6527a8-7ff76d6527d2 call 7ff76d6a5220 2125->2133 2134 7ff76d65239a-7ff76d65275f call 7ff76d61f020 call 7ff76d61eeb0 call 7ff76d654a50 call 7ff76d672b90 call 7ff76d622bb0 2125->2134 2150 7ff76d652791-7ff76d6527a1 2134->2150 2151 7ff76d652761-7ff76d652775 2134->2151 2150->2133 2152 7ff76d65278c call 7ff76d6a5240 2151->2152 2153 7ff76d652777-7ff76d65278a 2151->2153 2152->2150 2153->2152 2154 7ff76d6527d3-7ff76d652dad call 7ff76d688d28 call 7ff76d6327e0 call 7ff76d636310 call 7ff76d6363e0 call 7ff76d6a8404 call 7ff76d61fb70 * 3 call 7ff76d688d28 * 4 call 7ff76d61fb70 call 7ff76d688d28 * 2 call 7ff76d61ea20 call 7ff76d688d28 call 7ff76d61fb70 call 7ff76d688d28 * 2 call 7ff76d61ea20 call 7ff76d61f020 call 7ff76d61eeb0 2153->2154 2204 7ff76d652db0-7ff76d652db7 2154->2204 2204->2204 2205 7ff76d652db9-7ff76d652f79 call 7ff76d63de60 call 7ff76d61f320 call 7ff76d61f3f0 2204->2205 2212 7ff76d652f80-7ff76d652f88 2205->2212 2212->2212 2213 7ff76d652f8a-7ff76d65304b call 7ff76d621d20 call 7ff76d63de60 call 7ff76d626c10 call 7ff76d61ec60 call 7ff76d671f20 2212->2213 2223 7ff76d653050-7ff76d653329 call 7ff76d61f3f0 * 2 call 7ff76d631d90 2213->2223 2230 7ff76d653330-7ff76d653337 2223->2230 2230->2230 2231 7ff76d653339-7ff76d653362 call 7ff76d636070 2230->2231 2234 7ff76d653368-7ff76d653377 call 7ff76d620310 2231->2234 2235 7ff76d653d49-7ff76d653d54 2231->2235 2234->2235 2245 7ff76d65337d-7ff76d653432 2234->2245 2237 7ff76d653d8e-7ff76d653db1 2235->2237 2238 7ff76d653d56-7ff76d653d60 2235->2238 2239 7ff76d653db3-7ff76d653dbc 2237->2239 2240 7ff76d653dd0-7ff76d653e53 call 7ff76d622bb0 call 7ff76d631990 call 7ff76d61f3f0 call 7ff76d631990 call 7ff76d6a5220 2237->2240 2238->2237 2242 7ff76d653d62-7ff76d653d6a 2238->2242 2239->2240 2250 7ff76d653dbe-7ff76d653dcf 2239->2250 2243 7ff76d653d70-7ff76d653d73 2242->2243 2243->2237 2246 7ff76d653d75-7ff76d653d8c 2243->2246 2245->2235 2249 7ff76d653e66-7ff76d653ee6 call 7ff76d61ea20 call 7ff76d61fbe0 call 7ff76d61fb70 call 7ff76d688d28 call 7ff76d651850 2245->2249 2246->2243 2250->2240
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                • API String ID: 0-2713369562
                                • Opcode ID: baa696ad5cd76eb19276f8acb3fb410db83ae414b653db0f685a07237c69f330
                                • Instruction ID: 072187c270283e1d6477932d5a4b08be30cda009e3698a46eb6c1d7ee1b9e987
                                • Opcode Fuzzy Hash: baa696ad5cd76eb19276f8acb3fb410db83ae414b653db0f685a07237c69f330
                                • Instruction Fuzzy Hash: 9952483291DBC5C4E671AB15E8813EAB3A5FB89784F805235DACC42B59EF7CD184CB50
                                Function 00007FF76D6AC138 Relevance: 27.2, APIs: 18, Instructions: 229fileCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2272 7ff76d6ac138-7ff76d6ac178 2273 7ff76d6ac17a-7ff76d6ac181 2272->2273 2274 7ff76d6ac18d-7ff76d6ac196 2272->2274 2273->2274 2277 7ff76d6ac183-7ff76d6ac188 2273->2277 2275 7ff76d6ac1b2-7ff76d6ac1b4 2274->2275 2276 7ff76d6ac198-7ff76d6ac19b 2274->2276 2280 7ff76d6ac40a 2275->2280 2281 7ff76d6ac1ba-7ff76d6ac1be 2275->2281 2276->2275 2279 7ff76d6ac19d-7ff76d6ac1a5 2276->2279 2278 7ff76d6ac40c-7ff76d6ac432 call 7ff76d6a5220 2277->2278 2283 7ff76d6ac1a7-7ff76d6ac1a9 2279->2283 2284 7ff76d6ac1ab-7ff76d6ac1ae 2279->2284 2280->2278 2285 7ff76d6ac295-7ff76d6ac2bc call 7ff76d6ac50c 2281->2285 2286 7ff76d6ac1c4-7ff76d6ac1c7 2281->2286 2283->2275 2283->2284 2284->2275 2296 7ff76d6ac2de-7ff76d6ac2e7 2285->2296 2297 7ff76d6ac2be-7ff76d6ac2c7 2285->2297 2289 7ff76d6ac1c9-7ff76d6ac1d1 2286->2289 2290 7ff76d6ac1db-7ff76d6ac1ed GetFileAttributesExW 2286->2290 2289->2290 2292 7ff76d6ac1d3-7ff76d6ac1d5 2289->2292 2293 7ff76d6ac1ef-7ff76d6ac1f8 GetLastError 2290->2293 2294 7ff76d6ac240-7ff76d6ac24f 2290->2294 2292->2285 2292->2290 2293->2278 2298 7ff76d6ac1fe-7ff76d6ac210 FindFirstFileW 2293->2298 2295 7ff76d6ac253-7ff76d6ac255 2294->2295 2299 7ff76d6ac261-7ff76d6ac28f 2295->2299 2300 7ff76d6ac257-7ff76d6ac25f 2295->2300 2303 7ff76d6ac2ed-7ff76d6ac305 GetFileInformationByHandleEx 2296->2303 2304 7ff76d6ac39b-7ff76d6ac3a4 2296->2304 2301 7ff76d6ac2c9-7ff76d6ac2d1 CloseHandle 2297->2301 2302 7ff76d6ac2d7-7ff76d6ac2d9 2297->2302 2305 7ff76d6ac212-7ff76d6ac218 GetLastError 2298->2305 2306 7ff76d6ac21d-7ff76d6ac23e FindClose 2298->2306 2299->2280 2299->2285 2300->2285 2300->2299 2301->2302 2307 7ff76d6ac44d-7ff76d6ac452 call 7ff76d69876c 2301->2307 2302->2278 2310 7ff76d6ac307-7ff76d6ac313 GetLastError 2303->2310 2311 7ff76d6ac32d-7ff76d6ac346 2303->2311 2308 7ff76d6ac3a6-7ff76d6ac3ba GetFileInformationByHandleEx 2304->2308 2309 7ff76d6ac3f3-7ff76d6ac3f5 2304->2309 2305->2278 2306->2295 2332 7ff76d6ac453-7ff76d6ac458 call 7ff76d69876c 2307->2332 2313 7ff76d6ac3e0-7ff76d6ac3f0 2308->2313 2314 7ff76d6ac3bc-7ff76d6ac3c8 GetLastError 2308->2314 2317 7ff76d6ac433-7ff76d6ac437 2309->2317 2318 7ff76d6ac3f7-7ff76d6ac3fb 2309->2318 2315 7ff76d6ac315-7ff76d6ac320 CloseHandle 2310->2315 2316 7ff76d6ac326-7ff76d6ac328 2310->2316 2311->2304 2319 7ff76d6ac348-7ff76d6ac34c 2311->2319 2313->2309 2314->2316 2325 7ff76d6ac3ce-7ff76d6ac3d9 CloseHandle 2314->2325 2315->2316 2326 7ff76d6ac45f-7ff76d6ac467 call 7ff76d69876c 2315->2326 2316->2278 2322 7ff76d6ac446-7ff76d6ac44b 2317->2322 2323 7ff76d6ac439-7ff76d6ac444 CloseHandle 2317->2323 2318->2280 2327 7ff76d6ac3fd-7ff76d6ac408 CloseHandle 2318->2327 2320 7ff76d6ac394 2319->2320 2321 7ff76d6ac34e-7ff76d6ac368 GetFileInformationByHandleEx 2319->2321 2331 7ff76d6ac398 2320->2331 2328 7ff76d6ac36a-7ff76d6ac376 GetLastError 2321->2328 2329 7ff76d6ac38b-7ff76d6ac392 2321->2329 2322->2278 2323->2307 2323->2322 2333 7ff76d6ac459-7ff76d6ac45e call 7ff76d69876c 2325->2333 2334 7ff76d6ac3db 2325->2334 2327->2280 2327->2307 2328->2316 2335 7ff76d6ac378-7ff76d6ac383 CloseHandle 2328->2335 2329->2331 2331->2304 2332->2333 2333->2326 2334->2316 2335->2332 2339 7ff76d6ac389 2335->2339 2339->2316
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                • String ID:
                                • API String ID: 2398595512-0
                                • Opcode ID: d61a8205c22dd417f485a3e9fb419a33c3a905dc4861a856e94f2a43c5fae776
                                • Instruction ID: 38b545287858587de28a5881a97082ff7aa8f03c16fdce1e9fe9ade098befb2d
                                • Opcode Fuzzy Hash: d61a8205c22dd417f485a3e9fb419a33c3a905dc4861a856e94f2a43c5fae776
                                • Instruction Fuzzy Hash: A3918535F2CA03C6E674AB15A814679A392AF557F0F9D0330D9BE47AD4EE3CE8018660
                                Function 00007FF76D621D4E Relevance: 27.1, APIs: 10, Strings: 5, Instructions: 804COMMON
                                Download Yara Rule

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                • API String ID: 0-3429737954
                                • Opcode ID: f72b44e5f63ad384debeb5166e6e59b33fc48c263dc904b0b84a5255a8d13743
                                • Instruction ID: fa2c19993cbd121633c144ce9ecce7e3716f122bc491612db4154351d1499327
                                • Opcode Fuzzy Hash: f72b44e5f63ad384debeb5166e6e59b33fc48c263dc904b0b84a5255a8d13743
                                • Instruction Fuzzy Hash: 1A828222E29BC6C5EB20EF25D8843ED6362FB89794F845231DA4D47A99FF78D644C310
                                Function 00007FF76D62C9C0 Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 668COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2426 7ff76d62c9c0-7ff76d62ca2a CredEnumerateA 2427 7ff76d62d43a-7ff76d62d469 call 7ff76d6a5220 2426->2427 2428 7ff76d62ca30-7ff76d62ca39 2426->2428 2430 7ff76d62d42d-7ff76d62d434 CredFree 2428->2430 2431 7ff76d62ca3f-7ff76d62ca57 2428->2431 2430->2427 2433 7ff76d62ca60-7ff76d62cab2 call 7ff76d6a54e0 2431->2433 2436 7ff76d62cab8-7ff76d62cadc 2433->2436 2437 7ff76d62ccee-7ff76d62ccf5 2433->2437 2438 7ff76d62cae0-7ff76d62cae8 2436->2438 2439 7ff76d62ccfb-7ff76d62cd1b 2437->2439 2440 7ff76d62cf4f-7ff76d62cf56 2437->2440 2438->2438 2441 7ff76d62caea-7ff76d62cb9d call 7ff76d621d20 call 7ff76d6340b0 call 7ff76d634380 2438->2441 2442 7ff76d62cd22-7ff76d62cd2a 2439->2442 2443 7ff76d62d19c-7ff76d62d19f 2440->2443 2444 7ff76d62cf5c-7ff76d62d03e call 7ff76d621d20 call 7ff76d6340b0 call 7ff76d634380 2440->2444 2473 7ff76d62cba4-7ff76d62cbac 2441->2473 2442->2442 2448 7ff76d62cd2c-7ff76d62cdea call 7ff76d621d20 call 7ff76d6340b0 call 7ff76d634380 2442->2448 2445 7ff76d62d411-7ff76d62d427 call 7ff76d630120 2443->2445 2446 7ff76d62d1a5-7ff76d62d229 2443->2446 2475 7ff76d62d045-7ff76d62d04d 2444->2475 2445->2430 2445->2433 2451 7ff76d62d230-7ff76d62d238 2446->2451 2478 7ff76d62cdf1-7ff76d62cdf9 2448->2478 2451->2451 2456 7ff76d62d23a-7ff76d62d2ec call 7ff76d621d20 call 7ff76d630ac0 2451->2456 2476 7ff76d62d2f0-7ff76d62d2f8 2456->2476 2473->2473 2477 7ff76d62cbae-7ff76d62cc07 call 7ff76d621d20 call 7ff76d6355e0 call 7ff76d632e00 2473->2477 2475->2475 2479 7ff76d62d04f-7ff76d62d0a8 call 7ff76d621d20 call 7ff76d6355e0 call 7ff76d632e00 2475->2479 2476->2476 2480 7ff76d62d2fa-7ff76d62d398 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 call 7ff76d6a54e0 call 7ff76d64a460 2476->2480 2505 7ff76d62cc09-7ff76d62cc1a 2477->2505 2506 7ff76d62cc3a-7ff76d62cc5d 2477->2506 2478->2478 2482 7ff76d62cdfb-7ff76d62ce54 call 7ff76d621d20 call 7ff76d6355e0 call 7ff76d632e00 2478->2482 2508 7ff76d62d0aa-7ff76d62d0bb 2479->2508 2509 7ff76d62d0db-7ff76d62d0fb 2479->2509 2569 7ff76d62d39a-7ff76d62d39c 2480->2569 2570 7ff76d62d3a4-7ff76d62d3b7 call 7ff76d632620 2480->2570 2513 7ff76d62ce87-7ff76d62cead 2482->2513 2514 7ff76d62ce56-7ff76d62ce67 2482->2514 2511 7ff76d62cc1c-7ff76d62cc2f 2505->2511 2512 7ff76d62cc35 call 7ff76d6a5240 2505->2512 2517 7ff76d62cc5f-7ff76d62cc70 2506->2517 2518 7ff76d62cc90-7ff76d62cca8 2506->2518 2515 7ff76d62d0bd-7ff76d62d0d0 2508->2515 2516 7ff76d62d0d6 call 7ff76d6a5240 2508->2516 2519 7ff76d62d0fd-7ff76d62d111 2509->2519 2520 7ff76d62d131-7ff76d62d153 2509->2520 2511->2512 2522 7ff76d62d4c2-7ff76d62d4c7 call 7ff76d688d28 2511->2522 2512->2506 2528 7ff76d62ceaf-7ff76d62cec3 2513->2528 2529 7ff76d62cee3-7ff76d62cf05 2513->2529 2523 7ff76d62ce69-7ff76d62ce7c 2514->2523 2524 7ff76d62ce82 call 7ff76d6a5240 2514->2524 2515->2516 2525 7ff76d62d4e6-7ff76d6357bd call 7ff76d688d28 2515->2525 2516->2509 2530 7ff76d62cc8b call 7ff76d6a5240 2517->2530 2531 7ff76d62cc72-7ff76d62cc85 2517->2531 2534 7ff76d62ccaa-7ff76d62ccbb 2518->2534 2535 7ff76d62ccdb-7ff76d62cceb 2518->2535 2532 7ff76d62d12c call 7ff76d6a5240 2519->2532 2533 7ff76d62d113-7ff76d62d126 2519->2533 2536 7ff76d62d187-7ff76d62d19a 2520->2536 2537 7ff76d62d155-7ff76d62d167 2520->2537 2544 7ff76d62d4c8-7ff76d62d4cd call 7ff76d688d28 2522->2544 2523->2524 2539 7ff76d62d4d4-7ff76d62d4d9 call 7ff76d688d28 2523->2539 2524->2513 2587 7ff76d6357f1-7ff76d635804 2525->2587 2588 7ff76d6357bf 2525->2588 2542 7ff76d62cede call 7ff76d6a5240 2528->2542 2543 7ff76d62cec5-7ff76d62ced8 2528->2543 2548 7ff76d62cf39-7ff76d62cf4c 2529->2548 2549 7ff76d62cf07-7ff76d62cf19 2529->2549 2530->2518 2531->2530 2531->2544 2532->2520 2533->2532 2545 7ff76d62d46a-7ff76d62d46f call 7ff76d688d28 2533->2545 2550 7ff76d62ccbd-7ff76d62ccd0 2534->2550 2551 7ff76d62ccd6 call 7ff76d6a5240 2534->2551 2535->2437 2536->2446 2552 7ff76d62d169-7ff76d62d17c 2537->2552 2553 7ff76d62d182 call 7ff76d6a5240 2537->2553 2557 7ff76d62d4da-7ff76d62d4df call 7ff76d688d28 2539->2557 2542->2529 2543->2542 2543->2557 2562 7ff76d62d4ce-7ff76d62d4d3 call 7ff76d688d28 2544->2562 2581 7ff76d62d470-7ff76d62d4bb call 7ff76d6327e0 call 7ff76d636310 call 7ff76d6363e0 call 7ff76d6a8404 2545->2581 2548->2440 2560 7ff76d62cf1b-7ff76d62cf2e 2549->2560 2561 7ff76d62cf34 call 7ff76d6a5240 2549->2561 2550->2551 2550->2562 2551->2535 2552->2553 2563 7ff76d62d4bc-7ff76d62d4c1 call 7ff76d688d28 2552->2563 2553->2536 2573 7ff76d62d4e0-7ff76d62d4e5 call 7ff76d688d28 2557->2573 2560->2561 2560->2573 2561->2548 2562->2539 2563->2522 2580 7ff76d62d3a2 2569->2580 2569->2581 2590 7ff76d62d3bb-7ff76d62d3c7 2570->2590 2573->2525 2580->2590 2581->2563 2589 7ff76d6357c0-7ff76d6357ef call 7ff76d637af0 call 7ff76d641b50 call 7ff76d6a5240 2588->2589 2589->2587 2595 7ff76d62d3c9-7ff76d62d3e8 2590->2595 2596 7ff76d62d3ea-7ff76d62d3f4 call 7ff76d63b840 2590->2596 2600 7ff76d62d3f9-7ff76d62d407 call 7ff76d632e00 2595->2600 2596->2600 2600->2445
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Cred$EnumerateFree
                                • String ID: cannot use push_back() with
                                • API String ID: 1347986415-4122110429
                                • Opcode ID: 313090f729bf93b01659435f84f566bce3f38d1441092de9202f4dc5bf61f37a
                                • Instruction ID: 3450fc12f554e7ad75be74d398fcc528fc31d984ca78bac7b1fa83752fda630b
                                • Opcode Fuzzy Hash: 313090f729bf93b01659435f84f566bce3f38d1441092de9202f4dc5bf61f37a
                                • Instruction Fuzzy Hash: 0F627032A18BC5C9E7209F25E8403ED7762FB89798F905335DAAD07A99EF78D184C710
                                Function 00007FF76D682150 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 421COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2614 7ff76d682150-7ff76d682191 2615 7ff76d68246d-7ff76d6824a7 call 7ff76d6857d0 call 7ff76d6827f0 2614->2615 2616 7ff76d682197-7ff76d6821c1 call 7ff76d6a7bf0 2614->2616 2625 7ff76d6824ac-7ff76d6824b2 2615->2625 2621 7ff76d6821c3-7ff76d6821cc 2616->2621 2622 7ff76d6821d0-7ff76d682209 call 7ff76d655c60 call 7ff76d684930 call 7ff76d6827f0 2616->2622 2621->2622 2656 7ff76d6823b0-7ff76d6823b7 2622->2656 2657 7ff76d68220f-7ff76d682294 call 7ff76d621d20 call 7ff76d655dc0 call 7ff76d659600 call 7ff76d656340 2622->2657 2628 7ff76d6824b8-7ff76d682533 call 7ff76d621d20 call 7ff76d655dc0 call 7ff76d659600 call 7ff76d656340 2625->2628 2629 7ff76d68264f-7ff76d682653 2625->2629 2681 7ff76d68278e-7ff76d6827aa call 7ff76d654a10 call 7ff76d6a8404 2628->2681 2682 7ff76d682539-7ff76d682541 2628->2682 2632 7ff76d68271c-7ff76d682723 2629->2632 2633 7ff76d682659-7ff76d6826b6 call 7ff76d632620 call 7ff76d632e00 2629->2633 2635 7ff76d6826f5-7ff76d68271b call 7ff76d6a5220 2632->2635 2636 7ff76d682725-7ff76d68273a 2632->2636 2633->2635 2659 7ff76d6826b8-7ff76d6826cd 2633->2659 2641 7ff76d68273c-7ff76d68274f 2636->2641 2642 7ff76d6826e4-7ff76d6826f0 call 7ff76d6a5240 2636->2642 2649 7ff76d682759-7ff76d68275e call 7ff76d688d28 2641->2649 2650 7ff76d682751 2641->2650 2642->2635 2668 7ff76d68275f-7ff76d68277b call 7ff76d654a10 call 7ff76d6a8404 2649->2668 2650->2642 2662 7ff76d6823b9-7ff76d6823ff call 7ff76d632620 2656->2662 2663 7ff76d682401-7ff76d682404 2656->2663 2657->2668 2709 7ff76d68229a-7ff76d6822a2 2657->2709 2659->2642 2667 7ff76d6826cf-7ff76d6826e2 2659->2667 2677 7ff76d68244c-7ff76d68245b call 7ff76d632e00 2662->2677 2665 7ff76d68245c-7ff76d682468 call 7ff76d655a80 2663->2665 2666 7ff76d682406-7ff76d682447 call 7ff76d632620 2663->2666 2665->2635 2666->2677 2667->2642 2667->2649 2699 7ff76d68277c-7ff76d682781 call 7ff76d688d28 2668->2699 2677->2665 2700 7ff76d6827ab-7ff76d6827b0 call 7ff76d688d28 2681->2700 2688 7ff76d682574-7ff76d6825b9 call 7ff76d6a71f4 * 2 2682->2688 2689 7ff76d682543-7ff76d682554 2682->2689 2712 7ff76d6825ed-7ff76d682608 2688->2712 2713 7ff76d6825bb-7ff76d6825cd 2688->2713 2694 7ff76d682556-7ff76d682569 2689->2694 2695 7ff76d68256f call 7ff76d6a5240 2689->2695 2694->2695 2694->2700 2695->2688 2717 7ff76d682782-7ff76d682787 call 7ff76d688d28 2699->2717 2716 7ff76d6827b1-7ff76d6827d6 call 7ff76d688d28 2700->2716 2714 7ff76d6822d6-7ff76d68231c call 7ff76d6a71f4 * 2 2709->2714 2715 7ff76d6822a4-7ff76d6822b6 2709->2715 2720 7ff76d68263c-7ff76d68264a 2712->2720 2721 7ff76d68260a-7ff76d68261c 2712->2721 2718 7ff76d6825e8 call 7ff76d6a5240 2713->2718 2719 7ff76d6825cf-7ff76d6825e2 2713->2719 2746 7ff76d68231e-7ff76d68232f 2714->2746 2747 7ff76d68234f-7ff76d682369 2714->2747 2722 7ff76d6822b8-7ff76d6822cb 2715->2722 2723 7ff76d6822d1 call 7ff76d6a5240 2715->2723 2737 7ff76d6827d8-7ff76d6827dd call 7ff76d6a5240 2716->2737 2738 7ff76d6827e2-7ff76d6827ea 2716->2738 2739 7ff76d682788-7ff76d68278d call 7ff76d688d28 2717->2739 2718->2712 2719->2716 2719->2718 2720->2629 2728 7ff76d68261e-7ff76d682631 2721->2728 2729 7ff76d682637 call 7ff76d6a5240 2721->2729 2722->2699 2722->2723 2723->2714 2728->2729 2735 7ff76d682753-7ff76d682758 call 7ff76d688d28 2728->2735 2729->2720 2735->2649 2737->2738 2739->2681 2748 7ff76d68234a call 7ff76d6a5240 2746->2748 2749 7ff76d682331-7ff76d682344 2746->2749 2750 7ff76d68239d-7ff76d6823ab 2747->2750 2751 7ff76d68236b-7ff76d68237d 2747->2751 2748->2747 2749->2717 2749->2748 2750->2656 2753 7ff76d682398 call 7ff76d6a5240 2751->2753 2754 7ff76d68237f-7ff76d682392 2751->2754 2753->2750 2754->2739 2754->2753
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
                                • String ID: value
                                • API String ID: 1346393832-494360628
                                • Opcode ID: febe89cee9fabced139ff552026d4de5017502df10622a41fb6033d7a37dffde
                                • Instruction ID: 81486ae9f73c1253c29bd350c89814fbea51721cd9bf1302b8d319221834ee6a
                                • Opcode Fuzzy Hash: febe89cee9fabced139ff552026d4de5017502df10622a41fb6033d7a37dffde
                                • Instruction Fuzzy Hash: B712A722E2CBC1C5EB10DB75D4443ADA762EB997E4F945331EA9D02AD9EF6CD184C320
                                Function 00007FF76D678210 Relevance: 19.9, APIs: 13, Instructions: 431networkCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2812 7ff76d678210-7ff76d67826d call 7ff76d6a6060 call 7ff76d67fc70 2817 7ff76d678272-7ff76d6782b9 call 7ff76d6340b0 call 7ff76d633d90 2812->2817 2818 7ff76d67826f 2812->2818 2823 7ff76d6782ed-7ff76d67830c 2817->2823 2824 7ff76d6782bb-7ff76d6782cd 2817->2824 2818->2817 2825 7ff76d67830e-7ff76d678323 2823->2825 2826 7ff76d678343-7ff76d6783d1 call 7ff76d674540 call 7ff76d6a7bf0 2823->2826 2827 7ff76d6782e8 call 7ff76d6a5240 2824->2827 2828 7ff76d6782cf-7ff76d6782e2 2824->2828 2829 7ff76d67833e call 7ff76d6a5240 2825->2829 2830 7ff76d678325-7ff76d678338 2825->2830 2844 7ff76d6783d6-7ff76d6783f9 recv 2826->2844 2827->2823 2828->2827 2832 7ff76d678a0d-7ff76d678a12 call 7ff76d688d28 2828->2832 2829->2826 2830->2829 2834 7ff76d678a13-7ff76d678a18 call 7ff76d688d28 2830->2834 2832->2834 2843 7ff76d678a19-7ff76d678a1e call 7ff76d688d28 2834->2843 2854 7ff76d678a1f-7ff76d678a24 call 7ff76d688d28 2843->2854 2846 7ff76d6784d0-7ff76d6784fe 2844->2846 2847 7ff76d6783ff-7ff76d678408 2844->2847 2848 7ff76d678504-7ff76d678512 call 7ff76d68f800 2846->2848 2849 7ff76d67881f-7ff76d678837 2846->2849 2851 7ff76d67840a-7ff76d678446 call 7ff76d6a7540 2847->2851 2852 7ff76d678448-7ff76d678464 call 7ff76d637860 2847->2852 2867 7ff76d678518-7ff76d67851b 2848->2867 2868 7ff76d678813-7ff76d678819 2848->2868 2856 7ff76d67883d-7ff76d6788aa call 7ff76d638e20 call 7ff76d674540 2849->2856 2857 7ff76d678a31-7ff76d678a36 call 7ff76d61d450 2849->2857 2859 7ff76d678469-7ff76d678478 2851->2859 2852->2859 2875 7ff76d678a25-7ff76d678a2a call 7ff76d688d28 2854->2875 2881 7ff76d6788de-7ff76d6788f1 2856->2881 2882 7ff76d6788ac-7ff76d6788be 2856->2882 2874 7ff76d678a37-7ff76d678a3c call 7ff76d688d28 2857->2874 2865 7ff76d67847a-7ff76d67848a 2859->2865 2866 7ff76d67848f-7ff76d6784c8 2859->2866 2865->2844 2866->2846 2867->2868 2873 7ff76d678521-7ff76d6785ca call 7ff76d6350b0 call 7ff76d654ee0 call 7ff76d632620 call 7ff76d6745d0 call 7ff76d67fc70 2867->2873 2868->2848 2868->2849 2921 7ff76d6785cc 2873->2921 2922 7ff76d6785cf-7ff76d67865b call 7ff76d6340b0 call 7ff76d632c10 call 7ff76d674540 2873->2922 2890 7ff76d678a3d-7ff76d678a42 call 7ff76d688d28 2874->2890 2885 7ff76d678a2b-7ff76d678a30 call 7ff76d688d28 2875->2885 2888 7ff76d6788f3-7ff76d678919 recv 2881->2888 2886 7ff76d6788d9 call 7ff76d6a5240 2882->2886 2887 7ff76d6788c0-7ff76d6788d3 2882->2887 2885->2857 2886->2881 2887->2874 2887->2886 2891 7ff76d67891b closesocket 2888->2891 2892 7ff76d678921-7ff76d67892c WSACleanup 2888->2892 2907 7ff76d678a43-7ff76d678a48 call 7ff76d688d28 2890->2907 2891->2892 2897 7ff76d67892e-7ff76d67893c 2892->2897 2898 7ff76d678960-7ff76d678988 2892->2898 2902 7ff76d67893e-7ff76d678952 2897->2902 2903 7ff76d678958-7ff76d67895b call 7ff76d6a5240 2897->2903 2904 7ff76d67898a-7ff76d67899f 2898->2904 2905 7ff76d6789bf-7ff76d678a0c call 7ff76d6a5220 2898->2905 2902->2890 2902->2903 2903->2898 2909 7ff76d6789ba call 7ff76d6a5240 2904->2909 2910 7ff76d6789a1-7ff76d6789b4 2904->2910 2909->2905 2910->2907 2910->2909 2921->2922 2928 7ff76d678660-7ff76d678670 2922->2928 2929 7ff76d6786a4-7ff76d6786ca 2928->2929 2930 7ff76d678672-7ff76d678684 2928->2930 2933 7ff76d6786cc-7ff76d6786e1 2929->2933 2934 7ff76d678701-7ff76d678726 2929->2934 2931 7ff76d678686-7ff76d678699 2930->2931 2932 7ff76d67869f call 7ff76d6a5240 2930->2932 2931->2843 2931->2932 2932->2929 2938 7ff76d6786fc call 7ff76d6a5240 2933->2938 2939 7ff76d6786e3-7ff76d6786f6 2933->2939 2935 7ff76d67875d-7ff76d6787ae call 7ff76d632e00 * 2 2934->2935 2936 7ff76d678728-7ff76d67873d 2934->2936 2948 7ff76d6787e5-7ff76d67880e 2935->2948 2949 7ff76d6787b0-7ff76d6787c5 2935->2949 2941 7ff76d678758 call 7ff76d6a5240 2936->2941 2942 7ff76d67873f-7ff76d678752 2936->2942 2938->2934 2939->2854 2939->2938 2941->2935 2942->2875 2942->2941 2948->2888 2950 7ff76d6787c7-7ff76d6787da 2949->2950 2951 7ff76d6787e0 call 7ff76d6a5240 2949->2951 2950->2885 2950->2951 2951->2948
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$recv$Cleanupclosesocket
                                • String ID:
                                • API String ID: 3402187201-0
                                • Opcode ID: 7e02839f8e8191f0211a094e47d185844e52548a3a89fb8f6b96793e82fcd201
                                • Instruction ID: f1433760a34ed470119c7343f6bbb70c99e2e36ece2360dd749bf492eaf7c097
                                • Opcode Fuzzy Hash: 7e02839f8e8191f0211a094e47d185844e52548a3a89fb8f6b96793e82fcd201
                                • Instruction Fuzzy Hash: 59127172E2CBC5C0EA20EB15E4443EAA762FB997D0F904631D69C02AE9EF7CD484C710
                                Function 00007FF76D678A50 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 377networkfileCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2953 7ff76d678a50-7ff76d678aac 2954 7ff76d678ab2-7ff76d678ac5 call 7ff76d6a53d0 2953->2954 2955 7ff76d678c70-7ff76d678c92 InternetOpenA 2953->2955 2954->2955 2965 7ff76d678acb-7ff76d678c3b 2954->2965 2956 7ff76d678cb7-7ff76d678cd0 2955->2956 2957 7ff76d678c94-7ff76d678cb2 2955->2957 2960 7ff76d678cd5-7ff76d678d02 InternetOpenUrlA 2956->2960 2961 7ff76d678cd2 2956->2961 2959 7ff76d679041-7ff76d67906a call 7ff76d6a5220 2957->2959 2963 7ff76d678d2a-7ff76d678d55 HttpQueryInfoW 2960->2963 2964 7ff76d678d04-7ff76d678d25 2960->2964 2961->2960 2968 7ff76d678d87-7ff76d678ddb HttpQueryInfoW 2963->2968 2969 7ff76d678d57-7ff76d678d82 2963->2969 2967 7ff76d679038 2964->2967 2970 7ff76d678c40-7ff76d678c48 2965->2970 2967->2959 2973 7ff76d678ddd-7ff76d678df1 call 7ff76d68d010 2968->2973 2974 7ff76d678e04-7ff76d678e19 InternetQueryDataAvailable 2968->2974 2969->2967 2970->2970 2972 7ff76d678c4a-7ff76d678c6b call 7ff76d621d20 call 7ff76d6a5824 call 7ff76d6a5370 2970->2972 2972->2955 2973->2974 2985 7ff76d678df3-7ff76d678e00 call 7ff76d636d30 2973->2985 2975 7ff76d678fee-7ff76d679034 InternetCloseHandle 2974->2975 2976 7ff76d678e1f 2974->2976 2975->2967 2980 7ff76d678e24-7ff76d678e29 2976->2980 2980->2975 2983 7ff76d678e2f-7ff76d678e49 2980->2983 2986 7ff76d678ebc-7ff76d678ed3 InternetReadFile 2983->2986 2987 7ff76d678e4b-7ff76d678e51 2983->2987 2985->2974 2991 7ff76d678ed9-7ff76d678ede 2986->2991 2992 7ff76d678fa8-7ff76d678faf 2986->2992 2993 7ff76d678e53-7ff76d678e5a 2987->2993 2994 7ff76d678e7f-7ff76d678e82 call 7ff76d6a54e0 2987->2994 2991->2992 2996 7ff76d678ee4-7ff76d678eef 2991->2996 2992->2975 2997 7ff76d678fb1-7ff76d678fc2 2992->2997 2998 7ff76d679071-7ff76d679076 call 7ff76d61d390 2993->2998 2999 7ff76d678e60-7ff76d678e6b call 7ff76d6a54e0 2993->2999 3007 7ff76d678e87-7ff76d678eb7 call 7ff76d6a7bf0 2994->3007 3002 7ff76d678f1e-7ff76d678f37 call 7ff76d637860 2996->3002 3003 7ff76d678ef1-7ff76d678f1c call 7ff76d6a7540 2996->3003 3004 7ff76d678fdd-7ff76d678fea call 7ff76d6a5240 2997->3004 3005 7ff76d678fc4-7ff76d678fd7 2997->3005 3010 7ff76d67906b-7ff76d679070 call 7ff76d688d28 2999->3010 3018 7ff76d678e71-7ff76d678e7d 2999->3018 3022 7ff76d678f38-7ff76d678f3f 3002->3022 3003->3022 3004->2975 3005->3004 3005->3010 3007->2986 3010->2998 3018->3007 3023 7ff76d678f82 3022->3023 3024 7ff76d678f41-7ff76d678f52 3022->3024 3025 7ff76d678f84-7ff76d678f99 InternetQueryDataAvailable 3023->3025 3026 7ff76d678f6d-7ff76d678f80 call 7ff76d6a5240 3024->3026 3027 7ff76d678f54-7ff76d678f67 3024->3027 3025->2975 3028 7ff76d678f9b-7ff76d678fa3 3025->3028 3026->3025 3027->3010 3027->3026 3028->2980
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskCriticalEnterFileHandleReadSection_invalid_parameter_noinfo_noreturn
                                • String ID: `;b
                                • API String ID: 2754876294-2329670205
                                • Opcode ID: fac61afa368332affd44006f306dcaf430422c897361d7a3e192ef2638905564
                                • Instruction ID: 7e5fe1abcb40353e7ef1bf9951bc599795284d193365497ee4c07c263fd20afa
                                • Opcode Fuzzy Hash: fac61afa368332affd44006f306dcaf430422c897361d7a3e192ef2638905564
                                • Instruction Fuzzy Hash: AC028C32E28B95C5F700DB65E8406ADB7A6FB84798F501235EE8D57B98EF38D480C750
                                Function 00007FF76D62E5A0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 324processCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 3146 7ff76d62e5a0-7ff76d62e616 CreateToolhelp32Snapshot call 7ff76d6a7bf0 call 7ff76d62ffc0 3151 7ff76d62e61c-7ff76d62e62a Process32FirstW 3146->3151 3152 7ff76d62e834-7ff76d62e850 call 7ff76d62fee0 3146->3152 3153 7ff76d62e630-7ff76d62e632 3151->3153 3157 7ff76d62ea98-7ff76d62eaad CloseHandle 3152->3157 3158 7ff76d62e856-7ff76d62e93c call 7ff76d6340b0 call 7ff76d634380 3152->3158 3153->3152 3156 7ff76d62e638-7ff76d62e650 call 7ff76d661a40 3153->3156 3167 7ff76d62e652 3156->3167 3168 7ff76d62e655-7ff76d62e679 call 7ff76d63ad00 call 7ff76d6352c0 3156->3168 3161 7ff76d62eadf-7ff76d62eb33 call 7ff76d62eb50 call 7ff76d6a5220 3157->3161 3162 7ff76d62eaaf-7ff76d62eac3 3157->3162 3182 7ff76d62e940-7ff76d62e948 3158->3182 3165 7ff76d62eada call 7ff76d6a5240 3162->3165 3166 7ff76d62eac5-7ff76d62ead8 3162->3166 3165->3161 3166->3165 3173 7ff76d62eb34-7ff76d62eb39 call 7ff76d688d28 3166->3173 3167->3168 3186 7ff76d62e680-7ff76d62e6a7 3168->3186 3184 7ff76d62eb3a-7ff76d62eb3f call 7ff76d688d28 3173->3184 3182->3182 3185 7ff76d62e94a-7ff76d62e9f0 call 7ff76d621d20 call 7ff76d630ac0 3182->3185 3194 7ff76d62eb40-7ff76d62eb45 call 7ff76d688d28 3184->3194 3202 7ff76d62e9f5-7ff76d62e9fc 3185->3202 3186->3186 3189 7ff76d62e6a9-7ff76d62e6cb 3186->3189 3192 7ff76d62e6e7-7ff76d62e6fb call 7ff76d63dd60 3189->3192 3193 7ff76d62e6cd-7ff76d62e6e5 3189->3193 3196 7ff76d62e700-7ff76d62e783 call 7ff76d63ad00 call 7ff76d6352c0 call 7ff76d633a20 call 7ff76d638c50 call 7ff76d638af0 3192->3196 3193->3196 3204 7ff76d62eb46-7ff76d62eb4b call 7ff76d688d28 3194->3204 3226 7ff76d62e7b9-7ff76d62e7db 3196->3226 3227 7ff76d62e785-7ff76d62e799 3196->3227 3202->3202 3205 7ff76d62e9fe-7ff76d62ea54 call 7ff76d621d20 call 7ff76d630ac0 call 7ff76d632e00 3202->3205 3221 7ff76d62ea87-7ff76d62ea94 3205->3221 3222 7ff76d62ea56-7ff76d62ea67 3205->3222 3221->3157 3224 7ff76d62ea69-7ff76d62ea7c 3222->3224 3225 7ff76d62ea82 call 7ff76d6a5240 3222->3225 3224->3204 3224->3225 3225->3221 3231 7ff76d62e7dd-7ff76d62e7ef 3226->3231 3232 7ff76d62e80f-7ff76d62e82f Process32NextW 3226->3232 3229 7ff76d62e79b-7ff76d62e7ae 3227->3229 3230 7ff76d62e7b4 call 7ff76d6a5240 3227->3230 3229->3184 3229->3230 3230->3226 3234 7ff76d62e80a call 7ff76d6a5240 3231->3234 3235 7ff76d62e7f1-7ff76d62e804 3231->3235 3232->3153 3234->3232 3235->3194 3235->3234
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                • String ID: [PID:
                                • API String ID: 1946380282-2210602247
                                • Opcode ID: 2e98722eda0985c94e24bd3d9f72c1d81085f42899550c162b2b0af844e38f11
                                • Instruction ID: fe15c2c408be0bf75a717df4aa27af260bdd0c90d1c6de6926acf7737381a8ab
                                • Opcode Fuzzy Hash: 2e98722eda0985c94e24bd3d9f72c1d81085f42899550c162b2b0af844e38f11
                                • Instruction Fuzzy Hash: 50E19472A28BC185E720DF25E8803EDB766F784794F804235EA9D47B99EF78D284C710
                                Function 00007FF76D62EC50 Relevance: 15.7, APIs: 10, Instructions: 716COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: 6788cebbe8b05759457b1506817ae21ad95c6f4b341e056836f9150a18ed290e
                                • Instruction ID: 11d7321f56201350c4e5a8a911bbb01172b64f8ae041d22fceeb6729a49196b0
                                • Opcode Fuzzy Hash: 6788cebbe8b05759457b1506817ae21ad95c6f4b341e056836f9150a18ed290e
                                • Instruction Fuzzy Hash: A9724E32A18BC5C9DB309F29E8403ED63A5F788798F505335EA9C56B99EF78D284C710
                                Function 00007FF76D671F20 Relevance: 14.5, APIs: 4, Strings: 4, Instructions: 452fileCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: File$PointerReadSize_invalid_parameter_noinfo_noreturn
                                • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                • API String ID: 2478245620-15404121
                                • Opcode ID: d8da539ebf60621fe167a0c0dfa5e5e9ad05ba32cf1afa242e7554c68b68d236
                                • Instruction ID: 203f844cfece491dadca438cd79197a54cd8a5cf430d7f40b0e136d574c5e9d2
                                • Opcode Fuzzy Hash: d8da539ebf60621fe167a0c0dfa5e5e9ad05ba32cf1afa242e7554c68b68d236
                                • Instruction Fuzzy Hash: 3F322A22A28BC5C9EB20DF28D8903ED77A2FB44788F844236DA8D57B59EF78D554C710
                                Function 00007FF76D699D08 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335timeCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _get_daylight.LIBCMT ref: 00007FF76D699D4D
                                  • Part of subcall function 00007FF76D6993B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF76D6993CC
                                  • Part of subcall function 00007FF76D694454: RtlFreeHeap.NTDLL(?,?,?,00007FF76D69E5C2,?,?,?,00007FF76D69E93F,?,?,00000000,00007FF76D69C67C,?,?,?,00007FF76D69C5AF), ref: 00007FF76D69446A
                                  • Part of subcall function 00007FF76D694454: GetLastError.KERNEL32(?,?,?,00007FF76D69E5C2,?,?,?,00007FF76D69E93F,?,?,00000000,00007FF76D69C67C,?,?,?,00007FF76D69C5AF), ref: 00007FF76D694474
                                  • Part of subcall function 00007FF76D688D58: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF76D688D06,?,?,?,?,8000000000000000,00007FF76D688BEE), ref: 00007FF76D688D61
                                  • Part of subcall function 00007FF76D688D58: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF76D688D06,?,?,?,?,8000000000000000,00007FF76D688BEE), ref: 00007FF76D688D86
                                  • Part of subcall function 00007FF76D6A2470: _invalid_parameter_noinfo.LIBCMT ref: 00007FF76D6A23BB
                                • _get_daylight.LIBCMT ref: 00007FF76D699D3C
                                  • Part of subcall function 00007FF76D699418: _invalid_parameter_noinfo.LIBCMT ref: 00007FF76D69942C
                                • _get_daylight.LIBCMT ref: 00007FF76D699FB2
                                • _get_daylight.LIBCMT ref: 00007FF76D699FC3
                                • _get_daylight.LIBCMT ref: 00007FF76D699FD4
                                • GetTimeZoneInformation.KERNEL32(00007FF76D69A2C2), ref: 00007FF76D699FFB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                • String ID: Eastern Standard Time$Eastern Summer Time
                                • API String ID: 4070488512-239921721
                                • Opcode ID: 7f3e2c6d8f544dcf824fc2204b4da78a5b48d0e44cc0b0bd3589fe12c5d04071
                                • Instruction ID: d5c2469596fd906630cd7e5071da3496fcdec2123821037127debb83c7905f6d
                                • Opcode Fuzzy Hash: 7f3e2c6d8f544dcf824fc2204b4da78a5b48d0e44cc0b0bd3589fe12c5d04071
                                • Instruction Fuzzy Hash: F4D1A326E2C643CAEB20BF25D4505B9A3A3EF447C8F845136DA5D4BA95FF3CE8418760
                                Function 00007FF76D696504 Relevance: 10.8, APIs: 7, Instructions: 286COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: 6af02b40caf86ad04c16c058bb45c72eaa5f81482c5d575273d1da7d3666781d
                                • Instruction ID: 3853076151d177b35089934ed12fe47c0ec7b6151b2b199f3bdd943c29376a82
                                • Opcode Fuzzy Hash: 6af02b40caf86ad04c16c058bb45c72eaa5f81482c5d575273d1da7d3666781d
                                • Instruction Fuzzy Hash: 5FC1B122E2C787D5EB607B5194403B9A793EF81BD0F844175EA4E0B295EE7CE85487B0
                                Function 00007FF76D699F84 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _get_daylight.LIBCMT ref: 00007FF76D699FB2
                                  • Part of subcall function 00007FF76D699418: _invalid_parameter_noinfo.LIBCMT ref: 00007FF76D69942C
                                • _get_daylight.LIBCMT ref: 00007FF76D699FC3
                                  • Part of subcall function 00007FF76D6993B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF76D6993CC
                                • _get_daylight.LIBCMT ref: 00007FF76D699FD4
                                  • Part of subcall function 00007FF76D6993E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF76D6993FC
                                  • Part of subcall function 00007FF76D694454: RtlFreeHeap.NTDLL(?,?,?,00007FF76D69E5C2,?,?,?,00007FF76D69E93F,?,?,00000000,00007FF76D69C67C,?,?,?,00007FF76D69C5AF), ref: 00007FF76D69446A
                                  • Part of subcall function 00007FF76D694454: GetLastError.KERNEL32(?,?,?,00007FF76D69E5C2,?,?,?,00007FF76D69E93F,?,?,00000000,00007FF76D69C67C,?,?,?,00007FF76D69C5AF), ref: 00007FF76D694474
                                • GetTimeZoneInformation.KERNEL32(00007FF76D69A2C2), ref: 00007FF76D699FFB
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                • String ID: Eastern Standard Time$Eastern Summer Time
                                • API String ID: 3458911817-239921721
                                • Opcode ID: be1835f9fd9397b4c0447581b518a2abff0f58810eff9969caeeccc32c0612b5
                                • Instruction ID: 56da5057d8df31b9995d26bce5e325359e61fc9c3d8f7f34a3c8265aa2eb4e88
                                • Opcode Fuzzy Hash: be1835f9fd9397b4c0447581b518a2abff0f58810eff9969caeeccc32c0612b5
                                • Instruction Fuzzy Hash: F7514132E2C643C6E710FF25D4909A9A7A3BB487C4F845136DA5D47A95EF3CE8418760
                                Function 00007FF76D679FB0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 250COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: cores
                                • API String ID: 3668304517-2370456839
                                • Opcode ID: 5a56a27a6a12292f8f056ae5051b58c18cb399631a994091f64dc84101bfa3dc
                                • Instruction ID: 776243d1ef6e9e1d84831b4a02b1e1605a9ef099779660e457dca84b3be67b3a
                                • Opcode Fuzzy Hash: 5a56a27a6a12292f8f056ae5051b58c18cb399631a994091f64dc84101bfa3dc
                                • Instruction Fuzzy Hash: 7CB1A362F28B85CAF700DFB8D0413AC7372AB55398FA05335DE5C22A9AEB789195C350
                                Function 00007FF76D673360 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 428COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FF76D6A53D0: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF76D621944), ref: 00007FF76D6A53E0
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76D673BAE
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76D673BB4
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$CriticalEnterSection
                                • String ID: exists$ios_base::badbit set
                                • API String ID: 555700303-2074760687
                                • Opcode ID: 211bf8ed80172411212655d15e50f84c739a6300d7cc6cbddb125a93418e7dca
                                • Instruction ID: e9524da3d512c8d857fe4ddd963c4bf406aef357ed1f393164436afac11e4d8c
                                • Opcode Fuzzy Hash: 211bf8ed80172411212655d15e50f84c739a6300d7cc6cbddb125a93418e7dca
                                • Instruction Fuzzy Hash: F3324332E2DBC5D5DA21EB14E4903EAB366FB94780F804235DA9D43AA9EF7CD144CB10
                                Function 00007FF76D620BD0 Relevance: 4.8, APIs: 3, Instructions: 336COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 47db54cdc77b99b8a0aea0f1502c255d51c94eec2d03ff0ce8315311750e19c0
                                • Instruction ID: a910e11b206a86a9008fb6d29d796a03809cb7c9c107577c18ff0f35b794942c
                                • Opcode Fuzzy Hash: 47db54cdc77b99b8a0aea0f1502c255d51c94eec2d03ff0ce8315311750e19c0
                                • Instruction Fuzzy Hash: 74F16032A18F8889EB208B69E44139DB7B1F789798F504325EEDC57B98EF7CD1808700
                                Function 00007FF76D6212C0 Relevance: 4.8, APIs: 3, Instructions: 328COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 013e423ae74e6ac55b6184ae608de63b910e93e29112b48b6cf5f6059d3d39fa
                                • Instruction ID: 3a253e26140bf65c92606ef666fcd0aa1e299827d2c0dd517aa91b62d8fdf3c7
                                • Opcode Fuzzy Hash: 013e423ae74e6ac55b6184ae608de63b910e93e29112b48b6cf5f6059d3d39fa
                                • Instruction Fuzzy Hash: B2F13E32A18F8889EB208B69E44139DB7B1F789798F505325EEDC57B99EF7CD1908700
                                Function 00007FF76D67AB00 Relevance: 4.7, APIs: 3, Instructions: 160COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$DriveLogicalStrings
                                • String ID:
                                • API String ID: 3916208290-0
                                • Opcode ID: 8df1d4c67eb389f700f34094b18bd9600d27059f3efc52be58bca253bad1cae3
                                • Instruction ID: 98234e1c6fc9d4cba1836e582eebe3e58fd7ab774fe8c54dc73f0d0bb4db1492
                                • Opcode Fuzzy Hash: 8df1d4c67eb389f700f34094b18bd9600d27059f3efc52be58bca253bad1cae3
                                • Instruction Fuzzy Hash: E9715E32E2CB85C2E7109B24E4803ADB765FB94798F545225EA9C13AA9EF7CE1D0D740
                                Function 00007FF76D67ADB0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 171timeCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: InformationTimeZone
                                • String ID: [UTC
                                • API String ID: 565725191-1715286942
                                • Opcode ID: 32cfad913eb78652faaf34ab0dc984f513f5d8a2433cb94acb5931d164039b4a
                                • Instruction ID: 9404dc42c75488dd723a2b342bfb91ebdb2794d01cb81fa2f147b8061be2b03c
                                • Opcode Fuzzy Hash: 32cfad913eb78652faaf34ab0dc984f513f5d8a2433cb94acb5931d164039b4a
                                • Instruction Fuzzy Hash: A091D832A19FC889D7708F29E84129AB7A5F789788F505325EACD57B19EF38C250CB40
                                Function 00007FF76D661CF0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: CryptDataFreeLocalUnprotect
                                • String ID:
                                • API String ID: 1561624719-0
                                • Opcode ID: f88957cfd2b51bcb633bef7ba602987a2d0c6455c83a8ba819920da39e749fc3
                                • Instruction ID: 278f32791aa13c25166538c6272ee1904aa1725cde26d16f137b626795e7b607
                                • Opcode Fuzzy Hash: f88957cfd2b51bcb633bef7ba602987a2d0c6455c83a8ba819920da39e749fc3
                                • Instruction Fuzzy Hash: 1A418B32A28B81CAE3209F74E4403ED77A5FB5978CF444235EA8C12E8AEF79D164C354
                                Function 00007FF76D679A60 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: NameUser
                                • String ID:
                                • API String ID: 2645101109-0
                                • Opcode ID: 90496fcf6dfcee039494cb4054596e234e531b545ff591467ece2fe3a88e0abf
                                • Instruction ID: 12bda5a29ebfc093854fd296f40821f916515df94fdd8ae1b3913586bbdaaec0
                                • Opcode Fuzzy Hash: 90496fcf6dfcee039494cb4054596e234e531b545ff591467ece2fe3a88e0abf
                                • Instruction Fuzzy Hash: F901523292C681C2D720DF15F5003AAA3A1FB987C8F940131E68D42659EFBCD1908B40
                                Function 00007FF76D680A90 Relevance: 1.5, Strings: 1, Instructions: 227COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: \u%04x
                                • API String ID: 0-2916071157
                                • Opcode ID: 1fad9b3796bb0d5fdcf9dafeee4abe8aa7886122a64dabba2bcf5863bcbe4c67
                                • Instruction ID: e2882054164e16216ab5909f7bfb3b257ea925d695239955d2fbc7ce995a6fc3
                                • Opcode Fuzzy Hash: 1fad9b3796bb0d5fdcf9dafeee4abe8aa7886122a64dabba2bcf5863bcbe4c67
                                • Instruction Fuzzy Hash: 56910262E1D682C2EB54EF26D4902ADA762FB85BC4F849431DB4E03B91EF7CE515C320
                                Function 00007FF76D6800A8 Relevance: 1.5, Strings: 1, Instructions: 209COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: ":
                                • API String ID: 0-3662656813
                                • Opcode ID: b9b08ee33fba6464ba4a034b66aaf27c00bb5b847e315b820d08c0993251eba8
                                • Instruction ID: 888c95bbcc2a6c9cee8f9246fceb3be946ef212cc68e98acabe658e0d3576a02
                                • Opcode Fuzzy Hash: b9b08ee33fba6464ba4a034b66aaf27c00bb5b847e315b820d08c0993251eba8
                                • Instruction Fuzzy Hash: DE911676619A46C1DB10EF2AE09466DA762FB88FC8F859022CF5E07B64DF39D158C710
                                Function 00007FF76D6340B0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                Download Yara Rule
                                Strings
                                • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00007FF76D634139
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                • API String ID: 0-1713319389
                                • Opcode ID: 437ae662eb117c41f44ff7f9c77615c2854eafd9d66bebc79b763ab490802efe
                                • Instruction ID: 93610bed24222183f9663bd486d6c8f5b081c9a2526016635dcefc9ce8ade991
                                • Opcode Fuzzy Hash: 437ae662eb117c41f44ff7f9c77615c2854eafd9d66bebc79b763ab490802efe
                                • Instruction Fuzzy Hash: D4412663A2D7E08AD702CB39841127DBFB2E366B88B1DC172D7D887746DA6DD206C710
                                Function 00007FF76D671B00 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 192windowCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2373 7ff76d671b00-7ff76d671b3b call 7ff76d671970 2376 7ff76d671b3d-7ff76d671b4c EnterCriticalSection 2373->2376 2377 7ff76d671b7c 2373->2377 2378 7ff76d671b4e-7ff76d671b70 GdiplusStartup 2376->2378 2379 7ff76d671ba0-7ff76d671bba LeaveCriticalSection GdipGetImageEncodersSize 2376->2379 2380 7ff76d671b81-7ff76d671b9f call 7ff76d6a5220 2377->2380 2378->2379 2382 7ff76d671b72-7ff76d671b76 LeaveCriticalSection 2378->2382 2379->2377 2381 7ff76d671bbc-7ff76d671bcf 2379->2381 2384 7ff76d671c0b-7ff76d671c19 call 7ff76d690aa4 2381->2384 2385 7ff76d671bd1-7ff76d671bda call 7ff76d671700 2381->2385 2382->2377 2393 7ff76d671c1b-7ff76d671c1e 2384->2393 2394 7ff76d671c20-7ff76d671c2a 2384->2394 2391 7ff76d671bdc-7ff76d671be6 2385->2391 2392 7ff76d671c08 2385->2392 2396 7ff76d671be8 2391->2396 2397 7ff76d671bf2-7ff76d671c06 call 7ff76d6a6060 2391->2397 2392->2384 2395 7ff76d671c2e-7ff76d671c31 2393->2395 2394->2395 2398 7ff76d671c3d-7ff76d671c4e GdipGetImageEncoders 2395->2398 2399 7ff76d671c33-7ff76d671c38 2395->2399 2396->2397 2397->2395 2402 7ff76d671d93-7ff76d671d98 2398->2402 2403 7ff76d671c54-7ff76d671c5d 2398->2403 2401 7ff76d671da8-7ff76d671dab 2399->2401 2407 7ff76d671dad 2401->2407 2408 7ff76d671dc4-7ff76d671dc6 2401->2408 2402->2401 2405 7ff76d671c8f 2403->2405 2406 7ff76d671c5f-7ff76d671c6d 2403->2406 2411 7ff76d671c96-7ff76d671ca6 2405->2411 2409 7ff76d671c70-7ff76d671c7b 2406->2409 2410 7ff76d671db0-7ff76d671dc2 call 7ff76d688110 2407->2410 2408->2380 2412 7ff76d671c7d-7ff76d671c82 2409->2412 2413 7ff76d671c88-7ff76d671c8d 2409->2413 2410->2408 2415 7ff76d671cb9-7ff76d671cd5 2411->2415 2416 7ff76d671ca8-7ff76d671cb3 2411->2416 2412->2413 2417 7ff76d671d37-7ff76d671d3b 2412->2417 2413->2405 2413->2409 2419 7ff76d671cd7-7ff76d671d30 GdipCreateBitmapFromScan0 GdipSaveImageToStream 2415->2419 2420 7ff76d671d42-7ff76d671d81 GdipCreateBitmapFromHBITMAP GdipSaveImageToStream 2415->2420 2416->2402 2416->2415 2417->2411 2423 7ff76d671d32-7ff76d671d35 2419->2423 2424 7ff76d671d40 2419->2424 2421 7ff76d671d9a-7ff76d671da7 GdipDisposeImage 2420->2421 2422 7ff76d671d83 2420->2422 2421->2401 2425 7ff76d671d86-7ff76d671d8d GdipDisposeImage 2422->2425 2423->2425 2424->2421 2425->2402
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                • String ID: &
                                • API String ID: 1703174404-3042966939
                                • Opcode ID: a799f0d6590f995dc081d60b5774d6bb27e4fbd63746d95bb83c1d8aad6cf0fd
                                • Instruction ID: 45e73b2b3dcc4ac0f3f6a3625584316a7bca2964135f2d52ad85a6bd885c9247
                                • Opcode Fuzzy Hash: a799f0d6590f995dc081d60b5774d6bb27e4fbd63746d95bb83c1d8aad6cf0fd
                                • Instruction Fuzzy Hash: D591C432E2CB46CAE720EF21E8105A8B3A2FB54BD8B845136DA4D47B94EF3CE555C750
                                Function 00007FF76D673030 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 193networkCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                • String ID: geo$system
                                • API String ID: 2440148987-2364779556
                                • Opcode ID: f9b9bf502d635d518ba8d4ea29e5bdb740b61dcfc69bba0197c85f47a6f257a1
                                • Instruction ID: 862c5565c07e5671209f7fe9fdf2032e2a39c728d1a8333ce2284c0e56786f62
                                • Opcode Fuzzy Hash: f9b9bf502d635d518ba8d4ea29e5bdb740b61dcfc69bba0197c85f47a6f257a1
                                • Instruction Fuzzy Hash: 6D917E62F2CA46C9EB00EB64E4501EC7373EB443D8F805636DA6D12AA9FE7CE549C310
                                Function 00007FF76D67B136 Relevance: 16.9, APIs: 11, Instructions: 377COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 3031 7ff76d67b136-7ff76d67b19e call 7ff76d632c10 call 7ff76d631850 3036 7ff76d67b1d1-7ff76d67b1ea 3031->3036 3037 7ff76d67b1a0-7ff76d67b1b1 3031->3037 3040 7ff76d67b21d-7ff76d67b268 call 7ff76d670ec0 call 7ff76d66db20 3036->3040 3041 7ff76d67b1ec-7ff76d67b1fd 3036->3041 3038 7ff76d67b1cc call 7ff76d6a5240 3037->3038 3039 7ff76d67b1b3-7ff76d67b1c6 3037->3039 3038->3036 3039->3038 3042 7ff76d67b706-7ff76d67b70b call 7ff76d688d28 3039->3042 3057 7ff76d67b26a-7ff76d67b279 3040->3057 3058 7ff76d67b286-7ff76d67b297 call 7ff76d637540 3040->3058 3044 7ff76d67b218 call 7ff76d6a5240 3041->3044 3045 7ff76d67b1ff-7ff76d67b212 3041->3045 3048 7ff76d67b70c-7ff76d67b711 call 7ff76d688d28 3042->3048 3044->3040 3045->3044 3045->3048 3056 7ff76d67b712-7ff76d67b717 call 7ff76d688d28 3048->3056 3066 7ff76d67b718-7ff76d67b71d call 7ff76d688d28 3056->3066 3061 7ff76d67b27e-7ff76d67b284 3057->3061 3062 7ff76d67b27b 3057->3062 3063 7ff76d67b29c-7ff76d67b3b4 call 7ff76d632c10 * 3 3058->3063 3061->3063 3062->3061 3077 7ff76d67b3e7-7ff76d67b408 3063->3077 3078 7ff76d67b3b6-7ff76d67b3c7 3063->3078 3072 7ff76d67b71e-7ff76d67b723 call 7ff76d688d28 3066->3072 3079 7ff76d67b724-7ff76d67b729 call 7ff76d688d28 3072->3079 3083 7ff76d67b43c-7ff76d67b45f 3077->3083 3084 7ff76d67b40a-7ff76d67b41c 3077->3084 3081 7ff76d67b3c9-7ff76d67b3dc 3078->3081 3082 7ff76d67b3e2 call 7ff76d6a5240 3078->3082 3092 7ff76d67b72a-7ff76d67b72f call 7ff76d688d28 3079->3092 3081->3056 3081->3082 3082->3077 3088 7ff76d67b493-7ff76d67b4ae 3083->3088 3089 7ff76d67b461-7ff76d67b473 3083->3089 3085 7ff76d67b41e-7ff76d67b431 3084->3085 3086 7ff76d67b437 call 7ff76d6a5240 3084->3086 3085->3066 3085->3086 3086->3083 3095 7ff76d67b4e1-7ff76d67b4fa 3088->3095 3096 7ff76d67b4b0-7ff76d67b4c1 3088->3096 3093 7ff76d67b48e call 7ff76d6a5240 3089->3093 3094 7ff76d67b475-7ff76d67b488 3089->3094 3110 7ff76d67b730-7ff76d67b735 call 7ff76d688d28 3092->3110 3093->3088 3094->3072 3094->3093 3101 7ff76d67b52d-7ff76d67b557 call 7ff76d67a4c0 3095->3101 3102 7ff76d67b4fc-7ff76d67b50d 3095->3102 3099 7ff76d67b4dc call 7ff76d6a5240 3096->3099 3100 7ff76d67b4c3-7ff76d67b4d6 3096->3100 3099->3095 3100->3079 3100->3099 3109 7ff76d67b55c-7ff76d67b586 call 7ff76d632c10 3101->3109 3106 7ff76d67b528 call 7ff76d6a5240 3102->3106 3107 7ff76d67b50f-7ff76d67b522 3102->3107 3106->3101 3107->3092 3107->3106 3115 7ff76d67b5b9-7ff76d67b5d7 3109->3115 3116 7ff76d67b588-7ff76d67b599 3109->3116 3117 7ff76d67b736-7ff76d67b73b call 7ff76d688d28 3110->3117 3121 7ff76d67b60d-7ff76d67b631 3115->3121 3122 7ff76d67b5d9-7ff76d67b5ed 3115->3122 3118 7ff76d67b59b-7ff76d67b5ae 3116->3118 3119 7ff76d67b5b4 call 7ff76d6a5240 3116->3119 3133 7ff76d67b73c-7ff76d67b741 call 7ff76d688d28 3117->3133 3118->3110 3118->3119 3119->3115 3123 7ff76d67b667-7ff76d67b689 3121->3123 3124 7ff76d67b633-7ff76d67b647 3121->3124 3127 7ff76d67b608 call 7ff76d6a5240 3122->3127 3128 7ff76d67b5ef-7ff76d67b602 3122->3128 3131 7ff76d67b6bb-7ff76d67b6ff call 7ff76d6a5220 3123->3131 3132 7ff76d67b68b-7ff76d67b69f 3123->3132 3129 7ff76d67b649-7ff76d67b65c 3124->3129 3130 7ff76d67b662 call 7ff76d6a5240 3124->3130 3127->3121 3128->3117 3128->3127 3129->3130 3129->3133 3130->3123 3136 7ff76d67b6b6 call 7ff76d6a5240 3132->3136 3137 7ff76d67b6a1-7ff76d67b6b4 3132->3137 3136->3131 3137->3136 3140 7ff76d67b700-7ff76d67b705 call 7ff76d688d28 3137->3140 3140->3042
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: 4ecf03b484961b4e3d84f576676e6ba032df54f9d8a594d07bc2a7ae52410360
                                • Instruction ID: 61a3f72d4d473d416605d70dafbb378675539414ddfb89d909365918423c0d65
                                • Opcode Fuzzy Hash: 4ecf03b484961b4e3d84f576676e6ba032df54f9d8a594d07bc2a7ae52410360
                                • Instruction Fuzzy Hash: F5F17762E287C5C5EB10DB39D4453ADA722EB957E4F909331DAAC06ADAEF7CD1C08350
                                Function 00007FF76D6514C0 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 225COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: chrome_key$directory_iterator::directory_iterator$exists$key$status
                                • API String ID: 3668304517-2866355200
                                • Opcode ID: 08b92d76e2e3f11f03edf2e011446b00a9d06c3c12f3ffdb4d37cbbd82b36e5f
                                • Instruction ID: 65201cd25af4e54b0dc7d01dedeffc32fd850ffda7a04ac36af76a28d93f7cea
                                • Opcode Fuzzy Hash: 08b92d76e2e3f11f03edf2e011446b00a9d06c3c12f3ffdb4d37cbbd82b36e5f
                                • Instruction Fuzzy Hash: 8CA18472E28B86C5EB10EF28E8442AD7362FB447D8F905635EA5D07A99EF7CD181C710
                                Function 00007FF76D660390 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 118COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: QAH3HKAu0+BYhcT7vSH07CMO3LWM4XxPLt3kmwYOIVE=$port$type must be number, but is $zNuHWZk7sUY=
                                • API String ID: 3668304517-3400936290
                                • Opcode ID: 7d82c991707c4129d014f9c2bf4edb22411221f1a20e94ed221207c3070c9aca
                                • Instruction ID: a7dc44eb88fa84fc29dd8bb43fa99aaca7832de569ecc0a03c260ef9ffb8e2c4
                                • Opcode Fuzzy Hash: 7d82c991707c4129d014f9c2bf4edb22411221f1a20e94ed221207c3070c9aca
                                • Instruction Fuzzy Hash: 7B41A472A286C5C5EB18EF65D1583BDA363EB01FC8FD48431D64C1A69AEF6CD4C48361
                                Function 00007FF76D6B4258 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                • String ID:
                                • API String ID: 1330151763-0
                                • Opcode ID: c371a098d1ed890db9e0e1017008efad7e651166628c24d51931c4570b1b57a6
                                • Instruction ID: bf61be4bd4029caafc214e63de0d64b9dc16fdec7dea12da8862abadcaa3f0ce
                                • Opcode Fuzzy Hash: c371a098d1ed890db9e0e1017008efad7e651166628c24d51931c4570b1b57a6
                                • Instruction Fuzzy Hash: 30C1C232F28A42C5EB10EFA9C4906AC7762FB49BD8B415235DA1E57794EF38E461C720
                                Function 00007FF76D622BB0 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 36COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                • API String ID: 3668304517-3429737954
                                • Opcode ID: 38c4d0cce02b34758d65185788091ff6bbb0dec24bda6f9e6456dfe30f3163b0
                                • Instruction ID: df5d40b7a80f24bd11d9764cffb56933b09f4ec4da6af04ba7dca254e2cdc8d1
                                • Opcode Fuzzy Hash: 38c4d0cce02b34758d65185788091ff6bbb0dec24bda6f9e6456dfe30f3163b0
                                • Instruction Fuzzy Hash: 7DF030A2F3868585FB28AB64D00836DA352AB18FC9F944430DA8C0A696FF6DD4D58351
                                Function 00007FF76D67A861 Relevance: 9.2, APIs: 6, Instructions: 163registryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$CloseEnumOpen
                                • String ID:
                                • API String ID: 2177193445-0
                                • Opcode ID: a05794525d12b9a30d821ce8a90ca9d5e16ba8f7435d7b89c5328b8e4cf372e1
                                • Instruction ID: 558c2a8ca4613db5f77b8443eabf377514af1e123c84833c806e0833f0d679a4
                                • Opcode Fuzzy Hash: a05794525d12b9a30d821ce8a90ca9d5e16ba8f7435d7b89c5328b8e4cf372e1
                                • Instruction Fuzzy Hash: C0717072E2CB8585EB109B64E4447ADA762FB453E8F904235EAAD03AD5EF7CE0C0C710
                                Function 00007FF76D6541A0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 225COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: exists
                                • API String ID: 3668304517-2996790960
                                • Opcode ID: 53aca73c336c9b658f26f7cf69bbf6a261e67c0e16274f19d30e58f184160f29
                                • Instruction ID: 22d40b74128bf6646cce49af9f614858a9ebe5eb04c2b6ca25f700505ae943cf
                                • Opcode Fuzzy Hash: 53aca73c336c9b658f26f7cf69bbf6a261e67c0e16274f19d30e58f184160f29
                                • Instruction Fuzzy Hash: 64A1A772E28B46C5EB10DF64E8402AD7362FB487D8F905235EA5D07AA9EF7CE191C310
                                Function 00007FF76D67DB80 Relevance: 7.6, APIs: 5, Instructions: 123COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: EnvironmentInitStringStringsUnicode$Free_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 1868271193-0
                                • Opcode ID: 793d1491775f71d3672786ed8f4fe9ca6eed7059fa49f464038b53ec1853dd54
                                • Instruction ID: 8d59aaebc218ac80f086ed0183327ac09838c934f55ce8ca9c5381a1fc1b2554
                                • Opcode Fuzzy Hash: 793d1491775f71d3672786ed8f4fe9ca6eed7059fa49f464038b53ec1853dd54
                                • Instruction Fuzzy Hash: 25518A62E2CB85C2EA109F15E440369B362FB88BD4F949231EB9D03B95EF7CE1D08714
                                Function 00007FF76D67A7F0 Relevance: 7.6, APIs: 5, Instructions: 96registryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: EnumOpen
                                • String ID:
                                • API String ID: 3231578192-0
                                • Opcode ID: 040e917cd92afba456472a363a755aca85739ca197cddf1a1abe7dc66a18d0d3
                                • Instruction ID: e7ebfa0d5414fe770fe7a8e3a417e4e31a07f186f81ad23c5f0d0ebaff4c2155
                                • Opcode Fuzzy Hash: 040e917cd92afba456472a363a755aca85739ca197cddf1a1abe7dc66a18d0d3
                                • Instruction Fuzzy Hash: 6E318132E28B85C5E7209BA1E844AAEB365FB447D8F900235EE9D17A54EF7CD095C700
                                Function 00007FF76D673C90 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 413COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FF76D6A53D0: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF76D621944), ref: 00007FF76D6A53E0
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76D67445A
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76D674460
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$CriticalEnterSection
                                • String ID: exists$ios_base::badbit set
                                • API String ID: 555700303-2074760687
                                • Opcode ID: 156d8fc8e3239c3ba34aac912e0a6b7e8b418469f6ac63b91b7a225825b6313c
                                • Instruction ID: f99919867a3409761c0cfef37a6cc5a901533fb2a7665ada64841c3dab14ddf1
                                • Opcode Fuzzy Hash: 156d8fc8e3239c3ba34aac912e0a6b7e8b418469f6ac63b91b7a225825b6313c
                                • Instruction Fuzzy Hash: 20224532D2DAC6D1DA21EB15E4943EAA362FB847D0F944231DA9D43AA9FF7CD144CB10
                                Function 00007FF76D627B00 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 106COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$DriveFileFindFirstLogicalStrings
                                • String ID: content$filename
                                • API String ID: 3820383557-474635906
                                • Opcode ID: 7eb452ec9a494ae9f8cf64919d389b38330d63c44f44d2914f15c9dd8d6365eb
                                • Instruction ID: 4251841b618a3e4dd46ac563e049cc03a9644403931803f6acc79cd2cc0bf13e
                                • Opcode Fuzzy Hash: 7eb452ec9a494ae9f8cf64919d389b38330d63c44f44d2914f15c9dd8d6365eb
                                • Instruction Fuzzy Hash: 82417962E2C646C1EA20AF25F44056EE362EBD47F4F985331E69D07BE9FE7CD5808610
                                Function 00007FF76D679E20 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45registryCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Value
                                • String ID: --type$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                • API String ID: 3702945584-3762788641
                                • Opcode ID: 1f53e9f22b8ee8aa6c5cf43c21f35ff434b2e8a0e3a3b8a612928dfcfa761872
                                • Instruction ID: c55a7fa73d1ea826b7d95bd0ad49cf8ef92898a19e78ee0420ebde39817e233b
                                • Opcode Fuzzy Hash: 1f53e9f22b8ee8aa6c5cf43c21f35ff434b2e8a0e3a3b8a612928dfcfa761872
                                • Instruction Fuzzy Hash: BA114A32A1CB85C2D7209B21F4403AAB3A5FB89788F900235EA9C06B59EFBCD154CB40
                                Function 00007FF76D672AC0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                • String ID:
                                • API String ID: 215268677-0
                                • Opcode ID: b58325ce29b780eef651909379bfc8c714b7e3d5217266914ac01701143baf7a
                                • Instruction ID: 5b9dab42d15a483bdc17a8efa431b45b6a320213bf89621e6ee6690aa78aeb93
                                • Opcode Fuzzy Hash: b58325ce29b780eef651909379bfc8c714b7e3d5217266914ac01701143baf7a
                                • Instruction Fuzzy Hash: 7811FC32A2CB82C6E7509F11F84075AB3A1FB88B84F845135EA8D47B68EF7CE455CB50
                                Function 00007FF76D637540 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID: cannot use operator[] with a numeric argument with
                                • API String ID: 73155330-485864652
                                • Opcode ID: 67eda7f26889bc733ddfeff5fe4890f10ca60ac539fe7f83e408ccdd1cd7b394
                                • Instruction ID: 3d4adc17938a774b58f36f1c0c80067cc336d7824fc4e1cdc9bbbdd268430bf3
                                • Opcode Fuzzy Hash: 67eda7f26889bc733ddfeff5fe4890f10ca60ac539fe7f83e408ccdd1cd7b394
                                • Instruction Fuzzy Hash: 9A31B671F1D782C4EE14EB1AE5042A8E257AB45BE4F991730DE6D0BBD5EEBCE0518310
                                Function 00007FF76D67A380 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: CurrentProfile
                                • String ID: --type$Unknown
                                • API String ID: 2104809126-2669863112
                                • Opcode ID: 50e4149a4f36fe9e45017b92ad617ba725f782cca4f6cb9131f1630fd3cab9eb
                                • Instruction ID: 77062f9ff2ee432917dd19942715bda1d2a057ab55d2e5118a3aaf8267857bc3
                                • Opcode Fuzzy Hash: 50e4149a4f36fe9e45017b92ad617ba725f782cca4f6cb9131f1630fd3cab9eb
                                • Instruction Fuzzy Hash: E231B222A2CBC5C2E620DF15F4406AAF761FB99784F941235EBCD02A4AEF7DD184CB10
                                Function 00007FF76D670800 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69registryCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: CloseOpen
                                • String ID: --type
                                • API String ID: 47109696-2654721227
                                • Opcode ID: 2699ab7f269dbce92234196c397df38ce889de949ca90d1c3d969e5c8547cd87
                                • Instruction ID: 314bc5300bd993e05c2d8fc6cdc56e09d7b21d30d7d63c00faee475ff9ba92d0
                                • Opcode Fuzzy Hash: 2699ab7f269dbce92234196c397df38ce889de949ca90d1c3d969e5c8547cd87
                                • Instruction Fuzzy Hash: D4218521F3CA45C5EF50AB22E8402AAE362EF98BD4F985131EA4D43B95EE6DD081C750
                                Function 00007FF76D62FA60 Relevance: 4.8, APIs: 3, Instructions: 273COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: EnvironmentStrings$Free
                                • String ID:
                                • API String ID: 3328510275-0
                                • Opcode ID: f6bb018091e4ad3e0167fd5f73ff4f1a969460449a085c0ba2f9688596738a1e
                                • Instruction ID: fa688abcb6e14b2d3fac1c4755a076c78e594764dc2f4973071faf7b93b4289e
                                • Opcode Fuzzy Hash: f6bb018091e4ad3e0167fd5f73ff4f1a969460449a085c0ba2f9688596738a1e
                                • Instruction Fuzzy Hash: 80C19232A28B85C5EB20DB25E4403EDB762FB887D4F905235EA9D57B99EF78C180C710
                                Function 00007FF76D67859E Relevance: 4.7, APIs: 3, Instructions: 186networkCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Cleanupclosesocketrecv
                                • String ID:
                                • API String ID: 1729841683-0
                                • Opcode ID: 3b3df0f135933830fb0054218f7aef5ff891a4c65a9293cd01eedeff48581b97
                                • Instruction ID: 8193fa2ed54acdee8d08447aae53c5947e03a4290ba54176ebbbc3bbe284bca9
                                • Opcode Fuzzy Hash: 3b3df0f135933830fb0054218f7aef5ff891a4c65a9293cd01eedeff48581b97
                                • Instruction Fuzzy Hash: 02914672E2CBC5C1EA21DB19E4443ADA722FB997E0F905331D6AC56AE5EF6CD4808710
                                Function 00007FF76D671DD0 Relevance: 4.6, APIs: 3, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: FolderFreeKnownPathTask_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 2444108017-0
                                • Opcode ID: 172967b71784c052f5cd2d2a4d5613b6e69080b217eb3b5ea33015cbd0a5ac62
                                • Instruction ID: 9f8f0646c26c8ae2f64f827c00c6fb956c4c109b92946f56e709af4cd1a8d98d
                                • Opcode Fuzzy Hash: 172967b71784c052f5cd2d2a4d5613b6e69080b217eb3b5ea33015cbd0a5ac62
                                • Instruction Fuzzy Hash: 10316472D2CB8581E720DF65E44026AA761FB987E4F545336EAAC03AA5EF7CD1818B40
                                Function 00007FF76D687764 Relevance: 4.6, APIs: 3, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo$_local_unwind
                                • String ID:
                                • API String ID: 1677304287-0
                                • Opcode ID: bf7ff17dcb7492c4667a4e3f85a5f987f8021e196c42520ea16941355517f9df
                                • Instruction ID: 342961139806f1ef20101a620380978873f289494efc2b24932fe07f56a62251
                                • Opcode Fuzzy Hash: bf7ff17dcb7492c4667a4e3f85a5f987f8021e196c42520ea16941355517f9df
                                • Instruction Fuzzy Hash: 03216972E3CA46C1EA50FB14E8501B9A363AB95BD4FC81132E61E462A2EE7DE504C730
                                Function 00007FF76D67A52B Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: CloseOpenQueryValue
                                • String ID:
                                • API String ID: 3677997916-0
                                • Opcode ID: f077da70b4df0df4445bd9fb1d487173819d964e831059c3839018c83ece85ec
                                • Instruction ID: d4d6c603864a4c2dc946243203d543d3ba346b5201963e6f341b069e6088b560
                                • Opcode Fuzzy Hash: f077da70b4df0df4445bd9fb1d487173819d964e831059c3839018c83ece85ec
                                • Instruction Fuzzy Hash: 6221A762E2C785C1EA10DB25E45177EE762FFD57D4F805231EA9D42A99FE2CD0848B10
                                Function 00007FF76D679080 Relevance: 4.6, APIs: 3, Instructions: 50COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Info$User
                                • String ID:
                                • API String ID: 2017065092-0
                                • Opcode ID: 13d6c8570dd485256c110f571c40c9a01fa7513018fe1e8d2ffc8141344c43e0
                                • Instruction ID: c4347a1d863391255c76d9ff3737b156125738ad5f59911c41016a61d26f6cca
                                • Opcode Fuzzy Hash: 13d6c8570dd485256c110f571c40c9a01fa7513018fe1e8d2ffc8141344c43e0
                                • Instruction Fuzzy Hash: 0211BE32A28B85C7D7109F21E45475AB3A2FB90BC8F445135EB8903B59EF7CE5508B84
                                Function 00007FF76D68FB24 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Process$CurrentExitTerminate
                                • String ID:
                                • API String ID: 1703294689-0
                                • Opcode ID: 00e5c381b48270d40a54af0ff3367ad9dc702e6598c8cac93f1b96722a3b8739
                                • Instruction ID: be0d49efc6344cc24ab8955458b7d31dd0adcfeecfb48c77c0dc3f519e5c9897
                                • Opcode Fuzzy Hash: 00e5c381b48270d40a54af0ff3367ad9dc702e6598c8cac93f1b96722a3b8739
                                • Instruction Fuzzy Hash: 8ED06C10F3C603C6EA283B7098A507893935F987D1F901438C90A077A2EE3CE84A8630
                                Function 00007FF76D6810D0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 157COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: ios_base::badbit set
                                • API String ID: 3668304517-3882152299
                                • Opcode ID: 52db09497a5d91ac7e02eea905f8d1ed387ec103d0ff1c56d0a58c43504bcc7e
                                • Instruction ID: eb310f3d483eb895c46032f5c19e57a035d2a2bcc260e9bb480ffed34f221a38
                                • Opcode Fuzzy Hash: 52db09497a5d91ac7e02eea905f8d1ed387ec103d0ff1c56d0a58c43504bcc7e
                                • Instruction Fuzzy Hash: B961D322F1CA81CAFB119BB8D4003FCB372AF55788F445230DF9D22A95EF38A5958364
                                Function 00007FF76D67FC70 Relevance: 3.3, APIs: 2, Instructions: 257COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a37f049a9f8dbf12e284a61f8f3ec1f4250e8bf9391b6cd93a1fbb91f70d8dd
                                • Instruction ID: 46c979576157c06e9e7654f68a7f99289faf952e479da362b9e77497ba3d33b1
                                • Opcode Fuzzy Hash: 2a37f049a9f8dbf12e284a61f8f3ec1f4250e8bf9391b6cd93a1fbb91f70d8dd
                                • Instruction Fuzzy Hash: 19A19172E18B8586EB10DF25D8443ADB7A1FB85B98F588235EA4D47799EF3CC481C710
                                Function 00007FF76D63B840 Relevance: 3.2, APIs: 2, Instructions: 206COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: 8a1450b686805fa37bca6adc8c0aebeb1de2dbd846e7303aa09ce8a3a431e301
                                • Instruction ID: 25fca854b137c981896c79d64b78b7add5395d263a486e09ba95d2ba6b60fd2b
                                • Opcode Fuzzy Hash: 8a1450b686805fa37bca6adc8c0aebeb1de2dbd846e7303aa09ce8a3a431e301
                                • Instruction Fuzzy Hash: EC61CF22F2CB8581E910EB1AE80027AA351FB45BE4F958635DEAD077D4EF7CE051C310
                                Function 00007FF76D686720 Relevance: 3.2, APIs: 2, Instructions: 183COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: 90c6a1321480a5bb2a134b98c1104961fed274e6a5262b1de9d70769bd84d02e
                                • Instruction ID: db2f432be314e4bba8bfcb5b72b233bfb71364d06102280a521937874cfc1684
                                • Opcode Fuzzy Hash: 90c6a1321480a5bb2a134b98c1104961fed274e6a5262b1de9d70769bd84d02e
                                • Instruction Fuzzy Hash: 2F618F72E2D646C4EE24EE96904427DA762EB15BD4F944631CFAD0B7D1EE3CE48183B0
                                Function 00007FF76D670550 Relevance: 3.2, APIs: 2, Instructions: 161COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$CloseOpen
                                • String ID:
                                • API String ID: 3087652857-0
                                • Opcode ID: 99108861c545486321ea3f073711e629e90b01f7b5e2f93642e8af6af0c3cdbc
                                • Instruction ID: 29d3258af3a18608887d3ce01ea614df7606e5d67d6cd82a777b714c2f5d83ec
                                • Opcode Fuzzy Hash: 99108861c545486321ea3f073711e629e90b01f7b5e2f93642e8af6af0c3cdbc
                                • Instruction Fuzzy Hash: 3971AE32A2CB85C4EB10DB65E4403ADB762F7887D4F945232EA9C47B99EF78D184C710
                                Function 00007FF76D631020 Relevance: 3.2, APIs: 2, Instructions: 157COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: d3b2b29c12d76606109adc5272ae60bb3f9a894a02f4870b54990e5e516f1c04
                                • Instruction ID: 383ab9673273034b61d07461d2fe5ff4c02f003b98a8783d668fadb069df4025
                                • Opcode Fuzzy Hash: d3b2b29c12d76606109adc5272ae60bb3f9a894a02f4870b54990e5e516f1c04
                                • Instruction Fuzzy Hash: 53518A32A18B42C5EB15AF29D4542ACA3A2FB49FE4F955231CE2D47398EF7CD481C310
                                Function 00007FF76D684220 Relevance: 3.2, APIs: 2, Instructions: 153COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: 917f2990652e247f87a23d6c1984d931d10ac0dabe79eb90012f6a05e0376f17
                                • Instruction ID: e69de4f009a6a67a78f14d14a5f70190b4723980c8c741423d093efc4a8259d9
                                • Opcode Fuzzy Hash: 917f2990652e247f87a23d6c1984d931d10ac0dabe79eb90012f6a05e0376f17
                                • Instruction Fuzzy Hash: F651E672B28B45C2E610EF56E440269A7A6FB58BE4F944635DFAC437C4EF78E090C310
                                Function 00007FF76D679BA0 Relevance: 3.2, APIs: 2, Instructions: 151COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: InformationVolume__std_fs_get_current_path_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3375085511-0
                                • Opcode ID: 829792834a69022ed63cbf821d847143a14b4c8bbfa548f85f648e8f154bbd2f
                                • Instruction ID: 95ce74beb77ac55c204c989cbdabb3761d9f3e0ea609550c5a93bf34b3d5d8d4
                                • Opcode Fuzzy Hash: 829792834a69022ed63cbf821d847143a14b4c8bbfa548f85f648e8f154bbd2f
                                • Instruction Fuzzy Hash: F1714C32E28B85C9E710DF64E8802ED77B5F788798F904236EA8D53A59EF78D184C750
                                Function 00007FF76D65BC80 Relevance: 3.1, APIs: 2, Instructions: 125COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: e961f39f10dea6b1b951e3f702a5665c75e0fb64c003f873190661657069de4f
                                • Instruction ID: a7d5ac9c2b73be622e497dfea43b50326ba3499ecf58f6fab279fd71f8ed0e23
                                • Opcode Fuzzy Hash: e961f39f10dea6b1b951e3f702a5665c75e0fb64c003f873190661657069de4f
                                • Instruction Fuzzy Hash: D5417372A1CA85C1D924EF55E4442BDE7A2FB48BD0FA44635DBAD03B95EF3CD0958210
                                Function 00007FF76D6376B0 Relevance: 3.1, APIs: 2, Instructions: 125COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: 358258d3dcc3a5e45d7442ed84536c277b9443a3dc230a617b72cf71502c3497
                                • Instruction ID: c3724a5d0dc9e576c5f9ad36892f7d4cf211e7d85397b7e2a7e98be9d62dcd20
                                • Opcode Fuzzy Hash: 358258d3dcc3a5e45d7442ed84536c277b9443a3dc230a617b72cf71502c3497
                                • Instruction Fuzzy Hash: D441B221F2C685C1EA20EB15E5042AAE766FB45BD4F985631DFAD07BC9EEBCE041C310
                                Function 00007FF76D61FC40 Relevance: 3.1, APIs: 2, Instructions: 123COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: __std_fs_directory_iterator_open
                                • String ID:
                                • API String ID: 4007087469-0
                                • Opcode ID: ee834aff421969feab66dfcbe23238124499f408b33a583414f1b0ff1dd4b975
                                • Instruction ID: e0c28379a6121fcc26c155371276a82c23dcd65fb9dfc8ad7260fbc83be8a0de
                                • Opcode Fuzzy Hash: ee834aff421969feab66dfcbe23238124499f408b33a583414f1b0ff1dd4b975
                                • Instruction Fuzzy Hash: ED41E363E2C64281EA21AB19E8402B9A362EB857F4F844335EE6D437D5FF3CE0858710
                                Function 00007FF76D63B9D0 Relevance: 3.1, APIs: 2, Instructions: 111COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: a6bac2aa78eae61604f67457e4f2594b90f5bfa48044f55b22bd3801929c0bb4
                                • Instruction ID: 086f84ce88c00ef2b2ed26ae8d97719f2e7b8f18b237ebbc37069080623ad1fd
                                • Opcode Fuzzy Hash: a6bac2aa78eae61604f67457e4f2594b90f5bfa48044f55b22bd3801929c0bb4
                                • Instruction Fuzzy Hash: 4531E322F2CB85C1E924EB5AE8001BAE351FB45BE4F954A35DEAD07BD5EE7CE0418310
                                Function 00007FF76D636D59 Relevance: 3.1, APIs: 2, Instructions: 102COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bca5caea0c0b3309ab7f85286d9bd6a9805a08802168af73e164575559199924
                                • Instruction ID: 2c91373b3064b73298689381adb7e842186a887b81dba7f92e88f80373346f53
                                • Opcode Fuzzy Hash: bca5caea0c0b3309ab7f85286d9bd6a9805a08802168af73e164575559199924
                                • Instruction Fuzzy Hash: 4D31D522F2D641C1EE24EB55E5001B8E393EB48BD4F891631DAAD0BBC5EE6CE0958350
                                Function 00007FF76D64B750 Relevance: 3.1, APIs: 2, Instructions: 101COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: bafe73965b2e3d64d017613704750c268096e2ead7eb7d6d81b8e256c907890b
                                • Instruction ID: e74f30a4393de52c7981e728cbfb95a37524babd91af98db4ab702026b4f46c5
                                • Opcode Fuzzy Hash: bafe73965b2e3d64d017613704750c268096e2ead7eb7d6d81b8e256c907890b
                                • Instruction Fuzzy Hash: A841D772E2C685C5EA20EB28E04536EA752FB857E4F904335E6AC467D5EF2CD084CB10
                                Function 00007FF76D631A80 Relevance: 3.1, APIs: 2, Instructions: 95COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: 333327eab2b5fef04e94eda38af90cb6394d0d07ba610ef94ea7a8ecf7457eca
                                • Instruction ID: 09f45af00b02ba1aafcf215f9f38b09902579eb58e26919c3d8fc681fc5e73b5
                                • Opcode Fuzzy Hash: 333327eab2b5fef04e94eda38af90cb6394d0d07ba610ef94ea7a8ecf7457eca
                                • Instruction Fuzzy Hash: 6A21F422E19B8281EE19EB15E5002B9A252EF44BF4F644731DA7D03BD6FEBCD4D28350
                                Function 00007FF76D626C10 Relevance: 3.1, APIs: 2, Instructions: 94COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: 73d5e996c6fa946fc4cbfc32bb763f059e6395303f35a3db09b10d0f9e2bc16c
                                • Instruction ID: 5113dd24789868e0e9a3774bc507025dcfda6605b447c3e1981c4b3f53b60847
                                • Opcode Fuzzy Hash: 73d5e996c6fa946fc4cbfc32bb763f059e6395303f35a3db09b10d0f9e2bc16c
                                • Instruction Fuzzy Hash: 5931CF62F19646C1EA19FB55E000278A292EB44BF4FA48731CA7D06BD5FF7CE4D28390
                                Function 00007FF76D668142 Relevance: 3.1, APIs: 2, Instructions: 61synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                • String ID:
                                • API String ID: 420082584-0
                                • Opcode ID: 2d37dbbcdc278812d2fb94bd079e8b6fd7dbb725c2e877b23f4f2f28be93ce96
                                • Instruction ID: 7e0e776c1e46fd034ee87f75e32f1c057414389403ac1ab656ade0a3d5e151f0
                                • Opcode Fuzzy Hash: 2d37dbbcdc278812d2fb94bd079e8b6fd7dbb725c2e877b23f4f2f28be93ce96
                                • Instruction Fuzzy Hash: 0A212C61E3CAC2C0FA21BBB594062FDD323AF897D0FC41531E95D52AD7BE2CA4408272
                                Function 00007FF76D696A78 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF76D696A18,?,?,?,?,?,?,?,00007FF76D696B6D), ref: 00007FF76D696AC4
                                • GetLastError.KERNEL32(?,?,?,?,?,00007FF76D696A18,?,?,?,?,?,?,?,00007FF76D696B6D), ref: 00007FF76D696ACE
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ErrorFileLastPointer
                                • String ID:
                                • API String ID: 2976181284-0
                                • Opcode ID: 558e61541b40b1db2d94306fe445127bdb7d9f4201fb97becbd1ea20618c89ce
                                • Instruction ID: 53aebc7ca6f6d23e5915a5c40320ba6f6d1e14abf0f16d953b13625b2a46ae4c
                                • Opcode Fuzzy Hash: 558e61541b40b1db2d94306fe445127bdb7d9f4201fb97becbd1ea20618c89ce
                                • Instruction Fuzzy Hash: 3E119461A2CB82C5DA10AB26A504169E763AB44BF4F944331EE7E0B7E9EF7CD4508790
                                Function 00007FF76D6A54E0 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                • String ID:
                                • API String ID: 1173176844-0
                                • Opcode ID: 9b26ece190ddfef467b4df6d1441cacb056fd69bbf8aa7748d5518b3e61eb427
                                • Instruction ID: 8ee021869959a4489f8fdbe134ff09dd13a58d379c037e080769622b91ff1dd6
                                • Opcode Fuzzy Hash: 9b26ece190ddfef467b4df6d1441cacb056fd69bbf8aa7748d5518b3e61eb427
                                • Instruction Fuzzy Hash: 2AE0EC60E3D107C5FD29B26A14150B582434F597F1EAC1B30DABD08AC3BD1CE4554570
                                Function 00007FF76D694454 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • RtlFreeHeap.NTDLL(?,?,?,00007FF76D69E5C2,?,?,?,00007FF76D69E93F,?,?,00000000,00007FF76D69C67C,?,?,?,00007FF76D69C5AF), ref: 00007FF76D69446A
                                • GetLastError.KERNEL32(?,?,?,00007FF76D69E5C2,?,?,?,00007FF76D69E93F,?,?,00000000,00007FF76D69C67C,?,?,?,00007FF76D69C5AF), ref: 00007FF76D694474
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ErrorFreeHeapLast
                                • String ID:
                                • API String ID: 485612231-0
                                • Opcode ID: 2ec01da6e00d8dba875950f448c3bd01e8b433f0394c9c223fce95592ce8bd56
                                • Instruction ID: 5a8e291595fdf4d1f9a8bdd374c6a8c7b2c24b96918cdb711b9a52eede29170d
                                • Opcode Fuzzy Hash: 2ec01da6e00d8dba875950f448c3bd01e8b433f0394c9c223fce95592ce8bd56
                                • Instruction Fuzzy Hash: 1DE04650E2D603C2FA187BB29848178A2939F88BC0B844434CA1D462A1FE6CA8454A74
                                Function 00007FF76D632E3D Relevance: 1.8, APIs: 1, Instructions: 256COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: 92546de198db13050bf6a0ee85f933f0242c43d558a007e956b641f9dacdc5fc
                                • Instruction ID: fdb7e3a4ea419ceb2bb249fbc5f19503320c90e756ef15b7bd9aba16562476a4
                                • Opcode Fuzzy Hash: 92546de198db13050bf6a0ee85f933f0242c43d558a007e956b641f9dacdc5fc
                                • Instruction Fuzzy Hash: B0B17C32F28A41C4EB10EB65D5442ADB772FB04BD8F866136CF5D17A99EFB8D4908360
                                Function 00007FF76D642FD0 Relevance: 1.7, APIs: 1, Instructions: 234COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: e4b8d00b2f4a2b2c3fe659e53da02b0277adb178f8ddf6ec7fb22caa92f537c5
                                • Instruction ID: 13aa917ed2bbd6cacd4a704896ed35805321b5233c6def2f4d29ad304e1cc514
                                • Opcode Fuzzy Hash: e4b8d00b2f4a2b2c3fe659e53da02b0277adb178f8ddf6ec7fb22caa92f537c5
                                • Instruction Fuzzy Hash: 9AB18232B18A41C9DB20DF35D0942ADB3A2FB48B98F845632EB5D43B99EF39D559C310
                                Function 00007FF76D622C20 Relevance: 1.7, APIs: 1, Instructions: 193COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: f68d042aa357bee486a677adf6ce174f7eaaafe39d83ea2a1ca2d5128a296e77
                                • Instruction ID: 39d0e7ff2bf96f1f9c48683ba31bd33c9bc6dadadd7b75a5b1c3e956c9aeed9e
                                • Opcode Fuzzy Hash: f68d042aa357bee486a677adf6ce174f7eaaafe39d83ea2a1ca2d5128a296e77
                                • Instruction Fuzzy Hash: 17919F22E2CBC585E721DB68E4403ADA7A1FB99398F545335EACC12A99FF6CD184C710
                                Function 00007FF76D694950 Relevance: 1.6, APIs: 1, Instructions: 105COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: 985c8f8dae62dc047e201b1b9ca2207f088a02bc60b06dc54add248a105844ea
                                • Instruction ID: 38059ad1303f6706c1c881f1b4c91a2b55a512093c5e24e80c56d5092ad8300b
                                • Opcode Fuzzy Hash: 985c8f8dae62dc047e201b1b9ca2207f088a02bc60b06dc54add248a105844ea
                                • Instruction Fuzzy Hash: B441B632D2C202C7EA34AA199540279B3A3EF547D4F940171D69E4B799EF7DF802C764
                                Function 00007FF76D6798D0 Relevance: 1.6, APIs: 1, Instructions: 90COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: 0152e75ec3e23d29e7f8a3f0aa9e2e3c45109ca1da6a47a27d089a26da3d125d
                                • Instruction ID: 4513a6421de341e24ef8836729034be26702236650079691fe7019fb2d323b06
                                • Opcode Fuzzy Hash: 0152e75ec3e23d29e7f8a3f0aa9e2e3c45109ca1da6a47a27d089a26da3d125d
                                • Instruction Fuzzy Hash: 01413832F25B488DEB009BB9E4413AC73B6E74879CF404625EE9C66B99EE3481648394
                                Function 00007FF76D647F50 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task
                                • String ID:
                                • API String ID: 118556049-0
                                • Opcode ID: 65d0d06f96b867ddb43fd1b4f97a314bbc05da4afbd5cdcd58a656198bf73c93
                                • Instruction ID: 30fc06eca42ee6cd44824f683c744cabc5802e37ac470c6861545181bbd8a28b
                                • Opcode Fuzzy Hash: 65d0d06f96b867ddb43fd1b4f97a314bbc05da4afbd5cdcd58a656198bf73c93
                                • Instruction Fuzzy Hash: AA414973A18B41C6DB14DF16E480169B7B1FB98F98B558635EB8D43364EF38D8A0C3A0
                                Function 00007FF76D6963E8 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: f8a09153dc28454014ad16fa4410b2a8e400d7f5b281336c33c9fc96a651bd4e
                                • Instruction ID: 134843a1d0b237a63cbcc82b2ebcfb3c9d04c4ca21b440391e269ba8006273bf
                                • Opcode Fuzzy Hash: f8a09153dc28454014ad16fa4410b2a8e400d7f5b281336c33c9fc96a651bd4e
                                • Instruction Fuzzy Hash: 13319022E2C603C9F6117B91884137CA653AF81BE5FC54176E91D073D2EF7CA84486B0
                                Function 00007FF76D632B20 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: bee351596a2aef4efa20bf9dd88d37045f3761a70983d77169941ca1d4ddd2e9
                                • Instruction ID: 23946e0438ddb083769b05411220415c7e8b67f658fd5206d18d9c78dbaf9621
                                • Opcode Fuzzy Hash: bee351596a2aef4efa20bf9dd88d37045f3761a70983d77169941ca1d4ddd2e9
                                • Instruction Fuzzy Hash: 61110476A19B49C6DB159F6DD09426C7362EB8CFD9B919032CE4D47368DF38C890C390
                                Function 00007FF76D68FA55 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: HandleModule$AddressFreeLibraryProc
                                • String ID:
                                • API String ID: 3947729631-0
                                • Opcode ID: 0811f9d8943a53f8311caa714f7c9a3ffa867de5962449656e8e36dab8aaf5e5
                                • Instruction ID: e3ee7511569efa83d8842d203e5141f4301936fe4e37e00537901b5481a88f29
                                • Opcode Fuzzy Hash: 0811f9d8943a53f8311caa714f7c9a3ffa867de5962449656e8e36dab8aaf5e5
                                • Instruction Fuzzy Hash: 8F219531E28B06C9EB24AF64C4402FC77A1EB447A8F944636D71D07AD5EF39D585C760
                                Function 00007FF76D6AEFC8 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: 071eab0d2ddb6d97d7b7232e2de0088f1d155ba52ad6f2216ba9fc5c62e5c193
                                • Instruction ID: cbfc56b41368163eb35095ed8c6ca5fea8679cf0038b6767fcf1525a40f2d439
                                • Opcode Fuzzy Hash: 071eab0d2ddb6d97d7b7232e2de0088f1d155ba52ad6f2216ba9fc5c62e5c193
                                • Instruction Fuzzy Hash: 16113321F2C686C1EB60BF519410179E3A6EF95BC0F984432EA8C87A97EF7CE9414774
                                Function 00007FF76D6B3AFC Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: d449f7bd6633de8b8bd08ff16019e33518f74ffb8b7583db2479c3fafe75e578
                                • Instruction ID: 4fd194f3fe35e7814e8709cb3a1acbd071ecc8d61d3bb38a92572951e8930507
                                • Opcode Fuzzy Hash: d449f7bd6633de8b8bd08ff16019e33518f74ffb8b7583db2479c3fafe75e578
                                • Instruction Fuzzy Hash: 9C21C532F2CA42C7D761AF18E440379B6A2EB94BD4F944234D65D476D9EF3CD4108B10
                                Function 00007FF76D674540 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: send
                                • String ID:
                                • API String ID: 2809346765-0
                                • Opcode ID: 96e4cb0db8931e5393824d0ecfe825f058e215f5b5777a5c71bbd2f46533e8b7
                                • Instruction ID: c311038b425cbc53258ef9949cbec9a5e07136e851075d1bf245cf02742be0b8
                                • Opcode Fuzzy Hash: 96e4cb0db8931e5393824d0ecfe825f058e215f5b5777a5c71bbd2f46533e8b7
                                • Instruction Fuzzy Hash: B901A221F2CA85C1EB509F16B944129A3A1FB8CFD4F885130EE5D03B58EF68E8418B40
                                Function 00007FF76D627671 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: FileFindNext
                                • String ID:
                                • API String ID: 2029273394-0
                                • Opcode ID: 9cd3b2291a3f23570049eab3fc1e6fef5472ba74db640f5840e90f60f9558740
                                • Instruction ID: ca1ebf89f3fc02fc7bbe57cd96ef976bccb457db159fc6eafa16225a00289115
                                • Opcode Fuzzy Hash: 9cd3b2291a3f23570049eab3fc1e6fef5472ba74db640f5840e90f60f9558740
                                • Instruction Fuzzy Hash: C201FF26A2CAC1C1DA70DB56F4542ABA365FB88BD4F944072DE8D43B59EE3CD846CB10
                                Function 00007FF76D687E64 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: e3199247b15e626e1ff80a5878ee6ff274038b46c14856a595a092b0a0f0e46b
                                • Instruction ID: 27db34db700be07fc04b4bcf8c43a1f45dd843166d788867a2720df10db25b06
                                • Opcode Fuzzy Hash: e3199247b15e626e1ff80a5878ee6ff274038b46c14856a595a092b0a0f0e46b
                                • Instruction Fuzzy Hash: E7E0ED32E2C603C1EB20BAA8A584038E2A25F147F0F908731EA7C026C6EF2898504630
                                Function 00007FF76D6AC048 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON
                                Download Yara Rule
                                APIs
                                • FindNextFileW.KERNEL32(?,?,?,?,00007FF76D61FD7B,?,?,?,?,00000000,00000000,FFFFFFFF,?,?,00007FF76D633F5F), ref: 00007FF76D6AC04C
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: FileFindNext
                                • String ID:
                                • API String ID: 2029273394-0
                                • Opcode ID: 90da3352575779015bf82052fd36c7aa4f0d5469104e151cce640f4290d1ac4f
                                • Instruction ID: a8554ee776bd0d83b664236738f822924ebaf3c0b5f403b1dc6162c484af8bf2
                                • Opcode Fuzzy Hash: 90da3352575779015bf82052fd36c7aa4f0d5469104e151cce640f4290d1ac4f
                                • Instruction Fuzzy Hash: 2DC04C14F6D902C2E66437625C8622192A16F45780FD48431C11D84160ED1DA5A64A71
                                Function 00007FF76D6ADB70 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                Download Yara Rule
                                APIs
                                • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF76D67A118), ref: 00007FF76D6ADB79
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: InfoNativeSystem
                                • String ID:
                                • API String ID: 1721193555-0
                                • Opcode ID: 9a96f232a94608228943c1438b0803d9c53371bfd202436300ffcab614f7d4f0
                                • Instruction ID: a11af446190b0dac325c53e0b9255a793a575b0275c43e1730b100f1612160d1
                                • Opcode Fuzzy Hash: 9a96f232a94608228943c1438b0803d9c53371bfd202436300ffcab614f7d4f0
                                • Instruction Fuzzy Hash: 5AB09226E288C0C3C621FB04E842019B332FB98B09FD00021E28D82624EE2CDA2A8E00
                                Function 00007FF76D694ABC Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • HeapAlloc.KERNEL32(?,?,00000000,00007FF76D6912B6,?,?,8000000000000000,00007FF76D68D1D5,?,?,?,?,00007FF76D696E44,?,?,?), ref: 00007FF76D694B11
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: AllocHeap
                                • String ID:
                                • API String ID: 4292702814-0
                                • Opcode ID: 9ea8c36b1c5ce044bdb4946de57d8b5d265c478620b4be733f447649d6e2b818
                                • Instruction ID: 7aa1995048ffe2ce4a16268584531e4c67e42228dae36ab67dd53b4760301154
                                • Opcode Fuzzy Hash: 9ea8c36b1c5ce044bdb4946de57d8b5d265c478620b4be733f447649d6e2b818
                                • Instruction Fuzzy Hash: 5CF04994F2D617C1FE687A6258513B592839F9CBC0F8C5471C91E8A699FDACF8804638
                                Function 00007FF76D696DF4 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • HeapAlloc.KERNEL32(?,?,?,00007FF76D6A71A3,?,?,?,?,?,?,?,?,0000000100000000,00007FF76D6ACE65), ref: 00007FF76D696E32
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: AllocHeap
                                • String ID:
                                • API String ID: 4292702814-0
                                • Opcode ID: c374065ae54e37142203b7ce4bf8e8709c0fa599dd5bee20d3e6af25bcd0fdcb
                                • Instruction ID: 325c8d70cdf6b8c7c359a0cbc01aa809a3fb522b8de26b26aba337a9e2827d1c
                                • Opcode Fuzzy Hash: c374065ae54e37142203b7ce4bf8e8709c0fa599dd5bee20d3e6af25bcd0fdcb
                                • Instruction Fuzzy Hash: ABF0F811E3D307C5FA6477A29D556B592835F847E0FC84670D92E8A2D1FE6CE84145B0

                                Non-executed Functions

                                Function 00007FF76D6745D0 Relevance: 71.1, APIs: 35, Strings: 4, Instructions: 2875COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID: cannot compare iterators of different containers$cannot use push_back() with $type must be string, but is $value
                                • API String ID: 73155330-2711811579
                                • Opcode ID: 5e122cef7900a2df7c2627a5efcc6042ec1e73dcd0b8c4c9023047299785a60e
                                • Instruction ID: b9205ef538bc128e150d385286222c60d8539df848b50498175be9a947afe278
                                • Opcode Fuzzy Hash: 5e122cef7900a2df7c2627a5efcc6042ec1e73dcd0b8c4c9023047299785a60e
                                • Instruction Fuzzy Hash: 2A635332E29BC5C9EB70AF24D8403ED6362FB45798F805235D69D4BA99EF78D284C350
                                Function 00007FF76D689EE4 Relevance: 47.4, APIs: 24, Strings: 2, Instructions: 1877COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: memcpy_s$_invalid_parameter_noinfo
                                • String ID: $
                                • API String ID: 2880407647-227171996
                                • Opcode ID: 96773815cc5883af5be3912948e5dc75a65a31fd4e8c4fd35706005d9fd3310d
                                • Instruction ID: 001a881cb6db0047fe88dfccb79290f923afeced0bc06cf10f04bfbbe6be3f73
                                • Opcode Fuzzy Hash: 96773815cc5883af5be3912948e5dc75a65a31fd4e8c4fd35706005d9fd3310d
                                • Instruction Fuzzy Hash: F803A672E2C1C2CBE7759E25D540BF9B792FB547CCF845135DA0A57B84EB38AA008B60
                                Function 00007FF76D6400ED Relevance: 36.1, APIs: 10, Strings: 10, Instructions: 1062COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                • String ID: "$#base$#include$No closed word$key declared, but no value$key opened, but never closed$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                • API String ID: 3936042273-2543107223
                                • Opcode ID: be0f1057ab591b81fc1166b9163d378615f76450ddae4790f62b7dc74e39fc5f
                                • Instruction ID: ea3c41a621f83fd5b3329c65b646deb1acca66101da04a97e54980b442ca0b24
                                • Opcode Fuzzy Hash: be0f1057ab591b81fc1166b9163d378615f76450ddae4790f62b7dc74e39fc5f
                                • Instruction Fuzzy Hash: 72A2A262E2CAC6C5EB61AF25C8443ECA762FB547C8F849131DA4D07A99EF7CD589C310
                                Function 00007FF76D629A59 Relevance: 34.3, APIs: 14, Strings: 5, Instructions: 1060COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_convert_wide_to_narrow
                                • String ID: !$content$filename$status$users
                                • API String ID: 1223724100-3795777748
                                • Opcode ID: 68ce50245ca770b9b486228ef90141bd1ceffc7e7a53cc89049ea39f299aa246
                                • Instruction ID: d08eb63f9649dd36419709b70fe510e48933caccd92fdf7df12e99a48837c5f4
                                • Opcode Fuzzy Hash: 68ce50245ca770b9b486228ef90141bd1ceffc7e7a53cc89049ea39f299aa246
                                • Instruction Fuzzy Hash: 07B29162A29BC6C9DB21EF34D8503EDA362FB45798F805231DA5D4BA99FF78D244C310
                                Function 00007FF76D627ED0 Relevance: 31.1, APIs: 15, Strings: 2, Instructions: 1358COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: Software$exists
                                • API String ID: 0-2364128853
                                • Opcode ID: 3f2ae3aa0db0c83e31de6e3ddd1a350099d328485ec6be8aaa97c0ada7e70598
                                • Instruction ID: d1996ee9ca5947a41f29c692bbec608c3d7dcbf06e061614b5f83b239b4baf51
                                • Opcode Fuzzy Hash: 3f2ae3aa0db0c83e31de6e3ddd1a350099d328485ec6be8aaa97c0ada7e70598
                                • Instruction Fuzzy Hash: 39E27172A28BC5C9EB209F25D8443ED7361FB99798F505232DA9C17BA9EF78D580C310
                                Function 00007FF76D67DD50 Relevance: 29.5, APIs: 19, Instructions: 1017stringmemorynativeCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 2979746431-0
                                • Opcode ID: 250b6f680c1bc1b83b1200a70256d023a186c6c5924837420c6d7b7b0f98236c
                                • Instruction ID: e871c9cb82df65a9dd86488ac4c99655afa1ec8b42cda9a95ba088f6dfd3607a
                                • Opcode Fuzzy Hash: 250b6f680c1bc1b83b1200a70256d023a186c6c5924837420c6d7b7b0f98236c
                                • Instruction Fuzzy Hash: E9D2B836629FC48AD7A18F69E88169EB3B5F788788F105225EECD57B18EF38C154C740
                                Function 00007FF76D62AE00 Relevance: 28.9, APIs: 10, Strings: 6, Instructions: 913COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: content$directory_iterator::directory_iterator$exists$filename$files$key
                                • API String ID: 3668304517-2980817763
                                • Opcode ID: 76b3b3eae4928eef49054ac36a9f34ecc1cacc7aeb0752cacdd59ea39a6dc98c
                                • Instruction ID: 572c74858824ea15479f5e66ff5a4ca3ff7e6a32144215366e47793961567861
                                • Opcode Fuzzy Hash: 76b3b3eae4928eef49054ac36a9f34ecc1cacc7aeb0752cacdd59ea39a6dc98c
                                • Instruction Fuzzy Hash: 0EA26072A18BC5C9DB219F28D8803ED7365FB497A8F905635DA9C07B99EF78D284C310
                                Function 00007FF76D67D610 Relevance: 26.6, APIs: 12, Strings: 3, Instructions: 362nativelibraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Handle$CriticalQuerySection$CloseEnterInformationProcessSystem_invalid_parameter_noinfo_noreturn$AddressCurrentFinalLeaveModuleNameObjectOpenPathProc
                                • String ID: File$NtDuplicateObject$ntdll.dll
                                • API String ID: 2860019875-3955674919
                                • Opcode ID: 21da06c63f2867e29d3588a8774fc642046e8667a66b00752823b9a86500d6e1
                                • Instruction ID: dc65820b35533f076c43d67567e88385088d7296f0b9ebfd5d7e69742881ffd0
                                • Opcode Fuzzy Hash: 21da06c63f2867e29d3588a8774fc642046e8667a66b00752823b9a86500d6e1
                                • Instruction Fuzzy Hash: 3AE18062F2CA85CAFB00EF65D4543BCA363BB84BD8F844531DA4D17B99EF38A1458750
                                Function 00007FF76D5F60C0 Relevance: 25.2, Strings: 20, Instructions: 208COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID: #recycle$$recycle.bin$$windows.~bt$$windows.~ws$$winreagent$All users$AppData$Application Data$Boot$PerfLogs$Program Files$Program Files (x86)$ProgramData$System Volume Information$Windows$Windows.old$Windows.~bt$bootmgr$config.msi$ntldr
                                • API String ID: 73155330-2722463023
                                • Opcode ID: 09db10df498b887c42b6ddd2bb1ccb86b1b81dbdf6e64d0b75542c00bd61434b
                                • Instruction ID: d2876c659f7f4c5ec7864016b3945ddb502a8bb3dc0daaa99d8ec49d48c42273
                                • Opcode Fuzzy Hash: 09db10df498b887c42b6ddd2bb1ccb86b1b81dbdf6e64d0b75542c00bd61434b
                                • Instruction Fuzzy Hash: E5A19652D78BCA84E710EB34D8513F59362BBEA388FA06336E54C65856FF68B2D4C341
                                Function 00007FF76D6A0E74 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                • API String ID: 808467561-2761157908
                                • Opcode ID: d3ac3c9e6f2a3cc9299820455b8d5a62efe305f74d449836c4ee372b45885f05
                                • Instruction ID: 0106327d1f3974c0cc5d6816845cd8234cac0508f597dd61e1db6836d2e2ceaf
                                • Opcode Fuzzy Hash: d3ac3c9e6f2a3cc9299820455b8d5a62efe305f74d449836c4ee372b45885f05
                                • Instruction Fuzzy Hash: 60B2B372E2C282CAE7649F65D5407FDB6A2FB543C4F985135DA4A57E88EB3CE900CB10
                                Function 00007FF76D663CC0 Relevance: 21.6, APIs: 7, Strings: 5, Instructions: 630COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: or more] $[default: $[nargs: $[nargs=$[required]
                                • API String ID: 3668304517-2670406794
                                • Opcode ID: 4a7ee4e35fed00e19effd432ee15140a84a88d2486dc642c3fe506a6750980aa
                                • Instruction ID: bd9c3d5e951f7e2b907103807551241d5544184a0f7c8afb78e38c7e1fac6a04
                                • Opcode Fuzzy Hash: 4a7ee4e35fed00e19effd432ee15140a84a88d2486dc642c3fe506a6750980aa
                                • Instruction Fuzzy Hash: A152A362E2CB81C1EB10EBA5E4542ADA772EB897D4F945236DA5D137D9EF7CE080C310
                                Function 00007FF76D62BEE0 Relevance: 21.6, APIs: 8, Strings: 4, Instructions: 608COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: content$directory_iterator::directory_iterator$exists$filename
                                • API String ID: 3668304517-1400943384
                                • Opcode ID: f1e899b5ea1c157f01f1dea9f895bd1c5d1e3a652249b1b41e1ccae9a2354e0f
                                • Instruction ID: f510a58f519b17762f7dbb16d3abad13b83e4f9ef3c9ae7f7c07333aeb344e3c
                                • Opcode Fuzzy Hash: f1e899b5ea1c157f01f1dea9f895bd1c5d1e3a652249b1b41e1ccae9a2354e0f
                                • Instruction Fuzzy Hash: 26527172A29BC5C9DB209F24D8403ED7362FB89798F945231DA9D07B99EF78D284C710
                                Function 00007FF76D659600 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 363COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                • String ID: parse_error$value
                                • API String ID: 1944019136-1739288027
                                • Opcode ID: 8596453e50a0a1da90bf6cbcc496ddab7ca13a6123127e71acc5a9c59b74262f
                                • Instruction ID: f39c86675da396c400a7c72eb8e41153e2ecca430772ae8e28dd362d09e51b9b
                                • Opcode Fuzzy Hash: 8596453e50a0a1da90bf6cbcc496ddab7ca13a6123127e71acc5a9c59b74262f
                                • Instruction Fuzzy Hash: 15F1B362F2CA86C5EB00EB64D4512FDA323EB553D8F805632EA5C1699AFF7CE185C350
                                Function 00007FF76D67E0A0 Relevance: 12.8, APIs: 8, Instructions: 839stringCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
                                • String ID:
                                • API String ID: 3636535045-0
                                • Opcode ID: b7bfeffe4e490a9624e5010149ae55799967800886d82e80360165d1231289cd
                                • Instruction ID: 25321c5615f10928810748e2bbc0a0820ef8c68a20653760973ba8d456e4c07c
                                • Opcode Fuzzy Hash: b7bfeffe4e490a9624e5010149ae55799967800886d82e80360165d1231289cd
                                • Instruction Fuzzy Hash: AFB2673652AFC58AD7A18F29E88169AB3A4F789784F105225FFCD57F18EF34C2548740
                                Function 00007FF76D664EF0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 431COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                • String ID: --help$--version$prints version information and exits$shows help message and exits
                                • API String ID: 3936042273-1172229024
                                • Opcode ID: 63d5cc829c311e8b9aac001e537e6ac372537cc762d3cabc515976ba405c58a2
                                • Instruction ID: 3b3e3c0a990d60b07fa7aa5f4f42b352a108645127df94529c62b03be7e0497b
                                • Opcode Fuzzy Hash: 63d5cc829c311e8b9aac001e537e6ac372537cc762d3cabc515976ba405c58a2
                                • Instruction Fuzzy Hash: 3E229932A18B81C5E710DF64E4407ADB7B6FB98788F949235DA8C13B6AEF78D195C300
                                Function 00007FF76D688A38 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                • String ID:
                                • API String ID: 1239891234-0
                                • Opcode ID: 35bf856a41f19bc8ee7b8f5e42e7dc75e2a598134c0ac36b1a8c304357de2300
                                • Instruction ID: a1aeb42e1f60711326853ce9fffe1aba6f76e0964c722c0bc1fa50c31c45627e
                                • Opcode Fuzzy Hash: 35bf856a41f19bc8ee7b8f5e42e7dc75e2a598134c0ac36b1a8c304357de2300
                                • Instruction Fuzzy Hash: C4317136A18F81C5DB60DF25E8442ADB3A5FB84794F940136EA8D43B69EF3CC5458B50
                                Function 00007FF76D68BE00 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: memcpy_s
                                • String ID:
                                • API String ID: 1502251526-3916222277
                                • Opcode ID: 1b748593274e8ddd9ac1e908b2a22b3d8043b10f383cd2471e7c6bd1e5b959b4
                                • Instruction ID: 22e789f8e4b5f3588e3fb1f5caafe2b3785d691cf0749accd628f16f440fd5d8
                                • Opcode Fuzzy Hash: 1b748593274e8ddd9ac1e908b2a22b3d8043b10f383cd2471e7c6bd1e5b959b4
                                • Instruction Fuzzy Hash: 15C1C872A2D686C7D720DF59E084A69F7A2F7847C4F858235DB4A43784EB3DE805CB20
                                Function 00007FF76D6849BA Relevance: 6.9, Strings: 5, Instructions: 634COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: __std_exception_destroy$_invalid_parameter_noinfo_noreturn
                                • String ID: array$object$object key$object separator$value
                                • API String ID: 2506729964-2448007618
                                • Opcode ID: 7c18b47fa51d52272e91b6058e1f2322e3705fc6374010a1bf9b3daa432aa964
                                • Instruction ID: 0a859e3f5f0853443a265f0e1ebf70a39d497dd6e4770907f4c7999d656a6ac5
                                • Opcode Fuzzy Hash: 7c18b47fa51d52272e91b6058e1f2322e3705fc6374010a1bf9b3daa432aa964
                                • Instruction Fuzzy Hash: 2642A522E2C686D5EB00EF34C4511FDA362EB957C4F806532EA0E5769AFF6CE185C360
                                Function 00007FF76D668FD0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 499COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: %
                                • API String ID: 3668304517-2567322570
                                • Opcode ID: f8dd17bd03a9ed5b7083d2af580c5c7e25fdb9617f08cc871f9a5d060bb4ec21
                                • Instruction ID: 4a73da7a15e370576702c448aa9b2b01c9672a64d43c9d81af1720703ce38d57
                                • Opcode Fuzzy Hash: f8dd17bd03a9ed5b7083d2af580c5c7e25fdb9617f08cc871f9a5d060bb4ec21
                                • Instruction Fuzzy Hash: 7A120022F2C6C5CAFB259BA4D4103FDA772AB58788F844136DE4D27B89EE3CD4458361
                                Function 00007FF76D6ABC84 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39windowCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: FormatInfoLocaleMessage
                                • String ID: !x-sys-default-locale
                                • API String ID: 4235545615-2729719199
                                • Opcode ID: e03368e1294968a7be98b08cf2acdcb8e5506132744e7f119a71bf8ca3b046b3
                                • Instruction ID: 1942832bff2d54458731b9edbd2f58fcb7dd7f4f11735a18c9faf68423215149
                                • Opcode Fuzzy Hash: e03368e1294968a7be98b08cf2acdcb8e5506132744e7f119a71bf8ca3b046b3
                                • Instruction Fuzzy Hash: A3018C72E2CB8582E7219B11F4507A9ABA2FB897D4F848135DA8912A98DF3CD445CB10
                                Function 00007FF76D646F70 Relevance: 5.0, APIs: 3, Instructions: 460COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 73155330-0
                                • Opcode ID: dcec567ba59e0678dfe92466f97399e346d882922d2dfdc879b2baf602a7689e
                                • Instruction ID: 900e5ce0e5b76f8b6d7a6b6224e79fd542d1ccc1d0984adbd459bcb5a6f4f519
                                • Opcode Fuzzy Hash: dcec567ba59e0678dfe92466f97399e346d882922d2dfdc879b2baf602a7689e
                                • Instruction Fuzzy Hash: 9602A262F28B81C5EB10EFA5D0442ADA372EB48BD4F948232DE5D17795EF38E495C390
                                Function 00007FF76D627C80 Relevance: 4.6, APIs: 3, Instructions: 145encryptionCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: CryptDataFreeLocalUnprotect_invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 2610421622-0
                                • Opcode ID: fe922275ff4f7ed3ae722bdf4a1dbeb117267567780c805f8d684a0cdb6c988d
                                • Instruction ID: f0acb9fa356ca777b19e3a625050cb6a164f4043d59c49441775ad4ea0663362
                                • Opcode Fuzzy Hash: fe922275ff4f7ed3ae722bdf4a1dbeb117267567780c805f8d684a0cdb6c988d
                                • Instruction Fuzzy Hash: 3C616D32F28A81CAF710DF74D4503ADB3A2EB5879CF444635EA8C16E89EF78D5948360
                                Function 00007FF76D666D70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 506COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: -
                                • API String ID: 3668304517-2547889144
                                • Opcode ID: f6a5f4831f5460d119c130d630406cbaa068cdcb1508787f5bc61b02de43d130
                                • Instruction ID: b2253ee50cdd5c8ca38d6a86b990176b2ac1e2884e4726b9dba95fb94334582c
                                • Opcode Fuzzy Hash: f6a5f4831f5460d119c130d630406cbaa068cdcb1508787f5bc61b02de43d130
                                • Instruction Fuzzy Hash: 7E228F22E28BC1C6EB10DF65D4402ADA7B6FB457D8F945631EA5C27B99EF38E480C350
                                Function 00007FF76D6950AC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: InfoLocale
                                • String ID: GetLocaleInfoEx
                                • API String ID: 2299586839-2904428671
                                • Opcode ID: 3e7302eb2a7978fa3031c2e08be01dfce33e44987349fbcc01d6c54447146e53
                                • Instruction ID: 47a7a6895b9c82ac167c336a68a6fb9a81dc42e23553ee868e72bab57722b1d2
                                • Opcode Fuzzy Hash: 3e7302eb2a7978fa3031c2e08be01dfce33e44987349fbcc01d6c54447146e53
                                • Instruction Fuzzy Hash: 7701A720F1C742C5E744AB56B4404BAE762EF84BD0F944036DE1D477A9EE3CD9418750
                                Function 00007FF76D6666D0 Relevance: 3.4, APIs: 2, Instructions: 361COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: 5b6fbd3d6831e130143ad7c389dd4d0c595e2b1e576dfdc38dac454ea813c2a2
                                • Instruction ID: 7ab0f3e31bf3b739d867fefb6c7ca745a5a94955322bbcce53bf05e79f2413fa
                                • Opcode Fuzzy Hash: 5b6fbd3d6831e130143ad7c389dd4d0c595e2b1e576dfdc38dac454ea813c2a2
                                • Instruction Fuzzy Hash: 59E1A222E2CBD1C1EB109BA5E44436DAB62FB44BD8F844275DE9D23AD5EF78E4808351
                                Function 00007FF76D66F620 Relevance: 3.2, APIs: 2, Instructions: 242COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: d96a3f2f4de2cb4b2b56d7c3ba2d51a1e2ecacb634fa478f72dd04fa704fd67b
                                • Instruction ID: b2357d042ac16423b6e4a2dbda734aef059ae8426695e907c10be9f58d645956
                                • Opcode Fuzzy Hash: d96a3f2f4de2cb4b2b56d7c3ba2d51a1e2ecacb634fa478f72dd04fa704fd67b
                                • Instruction Fuzzy Hash: 58A18122E2CBC5C2EB14DB56E10436DA7B2FB557C4F849235DA8C16A96EF7CE4C08310
                                Function 00007FF76D698C2C Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ExceptionRaise_clrfp
                                • String ID:
                                • API String ID: 15204871-0
                                • Opcode ID: b71f1d3c42e610c0face707ee20cd6d6a88a4c4d18c7a9917a4b3c1b6102180a
                                • Instruction ID: a4539c6c2781d27d6106dd0518a423a1f94f280bf1e6c3894a46fd8c370be77e
                                • Opcode Fuzzy Hash: b71f1d3c42e610c0face707ee20cd6d6a88a4c4d18c7a9917a4b3c1b6102180a
                                • Instruction Fuzzy Hash: D8B16D73A18B45CBEB19CF29C44236877A2F784B88F548972DA5D87BB8DB39D811C710
                                Function 00007FF76D69762C Relevance: 2.6, Strings: 2, Instructions: 144COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: e+000$gfff
                                • API String ID: 0-3030954782
                                • Opcode ID: da619a2ec6fb2360145ee9bd85d1454833031957d55182a0f8e54245fbbe8895
                                • Instruction ID: 83fb34c59484f2716da1d93d128ded03724224dbf4f2485d5a4df02bc2820cd2
                                • Opcode Fuzzy Hash: da619a2ec6fb2360145ee9bd85d1454833031957d55182a0f8e54245fbbe8895
                                • Instruction Fuzzy Hash: AF515B62F2C2C6C6E7249A359800769A793E744BD4F888271DB984FAD5EF7DD8418720
                                Function 00007FF76D65DBD0 Relevance: 1.7, APIs: 1, Instructions: 231COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task
                                • String ID:
                                • API String ID: 118556049-0
                                • Opcode ID: 7d491843c00690ab696a29fdecfd2c4cba183d24c7fa3f37e1d8bca5ef92b61c
                                • Instruction ID: 607e7695b7889c01160581e45c7ddb8b17961c527292e5d2920da9091c087521
                                • Opcode Fuzzy Hash: 7d491843c00690ab696a29fdecfd2c4cba183d24c7fa3f37e1d8bca5ef92b61c
                                • Instruction Fuzzy Hash: 77A19D22A19B99C9EB00CB69D4803AC7771F759788F948536CF8D53B95EF38D091C360
                                Function 00007FF76D65D590 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task
                                • String ID:
                                • API String ID: 118556049-0
                                • Opcode ID: bad8c727b8ff3d655bc053341c37552273949757c92367f1c0688fc43b61d822
                                • Instruction ID: 5b4eb90eb8fd60c0768624a40c3481c8941fdb5c1ffee9a5c5c344e1cdaa800c
                                • Opcode Fuzzy Hash: bad8c727b8ff3d655bc053341c37552273949757c92367f1c0688fc43b61d822
                                • Instruction Fuzzy Hash: 4BA18C22B29B96C9EB00DBA9D4803ACA771F758788F948436CF8D57795EF38D091C360
                                Function 00007FF76D65CF60 Relevance: 1.7, APIs: 1, Instructions: 214COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task
                                • String ID:
                                • API String ID: 118556049-0
                                • Opcode ID: 13417d2202afd287088bb860e0e320552aa8449e36adbd92f8f41a755ee18e82
                                • Instruction ID: 145e765c341c7ca391e4f42f3519eb3a5dc74b5dd62e798b97c4cf4516756703
                                • Opcode Fuzzy Hash: 13417d2202afd287088bb860e0e320552aa8449e36adbd92f8f41a755ee18e82
                                • Instruction Fuzzy Hash: D8A1CD62B29B99C9EB10CB69D4803ACA771F759788F948436CF8D17B95EF38D091C360
                                Function 00007FF76D65DF00 Relevance: 1.7, APIs: 1, Instructions: 210COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task
                                • String ID:
                                • API String ID: 118556049-0
                                • Opcode ID: fba7f4fde73bfc44a27cf012c7902ea7c5bcbac1e6c10f5ba2ec33225ba79af6
                                • Instruction ID: 7eaeab5e41266c4c8cf39fd9d8b121273b29ac1b53d81e3e9be839fdc6a0d46c
                                • Opcode Fuzzy Hash: fba7f4fde73bfc44a27cf012c7902ea7c5bcbac1e6c10f5ba2ec33225ba79af6
                                • Instruction Fuzzy Hash: 1CA18A62B19B99C9EB10CB69D4803ACA771F758788F948436CF8D57B96EF38D091C360
                                Function 00007FF76D6B3BC0 Relevance: 1.7, APIs: 1, Instructions: 182COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _get_daylight_invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 474895018-0
                                • Opcode ID: c18a0d9b03aae947ae56912f7fbd91862cf6e30b660de31e07dea2fef0df8077
                                • Instruction ID: a048bc99ce5894299e7cda4e09b4efd676b404e1a44e14aaafe8e8f5432cd43e
                                • Opcode Fuzzy Hash: c18a0d9b03aae947ae56912f7fbd91862cf6e30b660de31e07dea2fef0df8077
                                • Instruction Fuzzy Hash: 7B611922F2C692C7FB60AA68944077CE6839F407E0FD44236DA2D876C1FF6DE8558760
                                Function 00007FF76D69FAE4 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FF76D6910DC: GetLastError.KERNEL32 ref: 00007FF76D6910EB
                                  • Part of subcall function 00007FF76D6910DC: FlsGetValue.KERNEL32 ref: 00007FF76D691100
                                  • Part of subcall function 00007FF76D6910DC: SetLastError.KERNEL32 ref: 00007FF76D69118B
                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF76D6A02CF,?,00000000,00000092,?,?,00000000,?,00007FF76D691CC5), ref: 00007FF76D69FB82
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ErrorLast$EnumLocalesSystemValue
                                • String ID:
                                • API String ID: 3029459697-0
                                • Opcode ID: 6bbfa0cfbcb117d0d0bd7b1f47d6fbf85da9e61559fd768ec35dd84706e269b8
                                • Instruction ID: c3c129421b2a8ed67905d4bf51f85fe0f20c23fac347b0f41238253e3d852a1a
                                • Opcode Fuzzy Hash: 6bbfa0cfbcb117d0d0bd7b1f47d6fbf85da9e61559fd768ec35dd84706e269b8
                                • Instruction Fuzzy Hash: 251105A3E2C646CAEB149F15D0402A8B7A3EB90BE0F858135E629473D4EE38D9D1C710
                                Function 00007FF76D64AF00 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: .
                                • API String ID: 0-248832578
                                • Opcode ID: 480c4dd7c12b5ca5eff3fd6117f446d7c26e4b4bccc3cab41be6ea2855e47cbb
                                • Instruction ID: 485a75614e9df17dcfdf4958a245d30f2f52c226213e1beba4b463f93f2320df
                                • Opcode Fuzzy Hash: 480c4dd7c12b5ca5eff3fd6117f446d7c26e4b4bccc3cab41be6ea2855e47cbb
                                • Instruction Fuzzy Hash: 65C16422E2C782C6E760EE29D44817EA3A2FB45BD4F958231DA5D43B95EF7CD849C310
                                Function 00007FF76D69FBB4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FF76D6910DC: GetLastError.KERNEL32 ref: 00007FF76D6910EB
                                  • Part of subcall function 00007FF76D6910DC: FlsGetValue.KERNEL32 ref: 00007FF76D691100
                                  • Part of subcall function 00007FF76D6910DC: SetLastError.KERNEL32 ref: 00007FF76D69118B
                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF76D6A028B,?,00000000,00000092,?,?,00000000,?,00007FF76D691CC5), ref: 00007FF76D69FC32
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ErrorLast$EnumLocalesSystemValue
                                • String ID:
                                • API String ID: 3029459697-0
                                • Opcode ID: 20f033303a7f43631ab577e4b8c174f2a0670d8761bb9d685c12eeb3ee4fc0cb
                                • Instruction ID: f965fcd10999871ed65bc14936e6afb08b2efa251bb2dda8a1059f21693a3204
                                • Opcode Fuzzy Hash: 20f033303a7f43631ab577e4b8c174f2a0670d8761bb9d685c12eeb3ee4fc0cb
                                • Instruction Fuzzy Hash: B301D672F2C286C6E7146F15E4407A9B293EB40BE4F868271E6294B2C4EF6C98D28710
                                Function 00007FF76D694B68 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF76D694FBB,?,?,?,?,?,?,?,?,00000000,00007FF76D69F130), ref: 00007FF76D694BB7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: EnumLocalesSystem
                                • String ID:
                                • API String ID: 2099609381-0
                                • Opcode ID: 91facb745afbc2f4637f145e0eb14d72f4a938eed1d470420a8036ca57912e6f
                                • Instruction ID: 53ab8a5bb7648b023c752ce2a91022c748d82c2f2081af991ccfed866c7911c9
                                • Opcode Fuzzy Hash: 91facb745afbc2f4637f145e0eb14d72f4a938eed1d470420a8036ca57912e6f
                                • Instruction Fuzzy Hash: A6F0697AA1CA42C2E700EB55F8506A9A363EB88BC0F988035DA4D87365EF3CE8518750
                                Function 00007FF76D68F67C Relevance: 1.5, APIs: 1, Instructions: 27timeCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Time$FileSystem
                                • String ID:
                                • API String ID: 2086374402-0
                                • Opcode ID: b5bbfa824154c3d77187a8a3e5b1d839929f2d5cb3525db48a7388bed245af34
                                • Instruction ID: 1e573fbfc680efb2fd4d0b518bfaf9b177ee20d2ad0e9bba2f5e42fc3353c01b
                                • Opcode Fuzzy Hash: b5bbfa824154c3d77187a8a3e5b1d839929f2d5cb3525db48a7388bed245af34
                                • Instruction Fuzzy Hash: EDF02EA2F3D50983ED04AB1084143289282AF28BE4F105730EE3E0E7D4FE1CD0858320
                                Function 00007FF76D68E10C Relevance: 1.5, Strings: 1, Instructions: 250COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID: 0-3916222277
                                • Opcode ID: 0e27038ca049793d61ec5ddb93713cae2a321fb0d894cb179eab7f341e6cf820
                                • Instruction ID: c0e39fa3bb1c3d7f1797cda4081ea2d21cf27ec1ff782d631f9d89f69dfc9a2f
                                • Opcode Fuzzy Hash: 0e27038ca049793d61ec5ddb93713cae2a321fb0d894cb179eab7f341e6cf820
                                • Instruction Fuzzy Hash: 39B19172E2C745C6E7649F29C45413CBBA2E70AB88FA40135DA4D87396EF3AD841C731
                                Function 00007FF76D6AEFD0 Relevance: .6, Instructions: 634COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c5325b933501e752e53b4993b7539b7d02dad47a23dec996b8a144fc4eb4aaf5
                                • Instruction ID: 3308c578a4509136a5975a0797fe47f687937b43019ce6927fc0823b658472d9
                                • Opcode Fuzzy Hash: c5325b933501e752e53b4993b7539b7d02dad47a23dec996b8a144fc4eb4aaf5
                                • Instruction Fuzzy Hash: 89626121D3DE56C5E253AF35B461531A366BF5A3C4F818333E84E66A51FF6CB8628320
                                Function 00007FF76D66F9C0 Relevance: .4, Instructions: 428COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 042c13a15fea5a2a1b7fd401a9e4f90c7abfb219e0802bb1e0a5658ac4d56ca8
                                • Instruction ID: 05b0b7208705cce98c73acb09c6e3cc471f794fef25a04b59ebe38610bb16671
                                • Opcode Fuzzy Hash: 042c13a15fea5a2a1b7fd401a9e4f90c7abfb219e0802bb1e0a5658ac4d56ca8
                                • Instruction Fuzzy Hash: 1F02D312E2CAC2C2EB109B65D1002BAA362FB55BC8F449634DF5D67686EF3CF5D18351
                                Function 00007FF76D68E9A4 Relevance: .3, Instructions: 317COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1b7c041a1ddcf11e25cf0bb9e41c031e648fd4e482a102b9d07c79ecb8b8e1b7
                                • Instruction ID: ccc9ba560c98b18f0a78b47b6c96ae35988fa366b2bdbd2ef9c44365460c4bb6
                                • Opcode Fuzzy Hash: 1b7c041a1ddcf11e25cf0bb9e41c031e648fd4e482a102b9d07c79ecb8b8e1b7
                                • Instruction Fuzzy Hash: 25D1D762E2C646C5EB74AB29810027DA7A2FB44BC8F940135DE5D877D6EF3AE446C370
                                Function 00007FF76D691B14 Relevance: .3, Instructions: 309COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 4023145424-0
                                • Opcode ID: 88e75c18b578dfe027ebcec4b74e3b6c1c05ca8ec6d9b2d69b7d7db6122ddb3f
                                • Instruction ID: 698ace65bd26c1c2093ed95a28e848bd10dce1ddff074798d4abd8002d1ed26f
                                • Opcode Fuzzy Hash: 88e75c18b578dfe027ebcec4b74e3b6c1c05ca8ec6d9b2d69b7d7db6122ddb3f
                                • Instruction Fuzzy Hash: 94C1D725E2C687C5EB60AB2194107BAA7ABFB847C8F904071DE4D4BA99FF3CD905C310
                                Function 00007FF76D6899EC Relevance: .3, Instructions: 283COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c4fbf5227913e0886a99989058a49bce39a7f5bda817c3bb378f8f909cfd4537
                                • Instruction ID: 7af6982d62d355a6d96b831ab988e75c729f3beb52d4045adfe0049abb3bac50
                                • Opcode Fuzzy Hash: c4fbf5227913e0886a99989058a49bce39a7f5bda817c3bb378f8f909cfd4537
                                • Instruction Fuzzy Hash: 1D912922F3C542CAFA256E2994503BA96D2AF407DCF841536DE5E477C4FE2CE809D634
                                Function 00007FF76D65FE50 Relevance: .2, Instructions: 225COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b94abd17858a29da6604f084abc8ede15cb37ad89f40817780fbb3ade52cfd43
                                • Instruction ID: 9e53b51b4ecae7e0da0961a35d3804fed28955d2f6f9517d6d64b8ff12375d0e
                                • Opcode Fuzzy Hash: b94abd17858a29da6604f084abc8ede15cb37ad89f40817780fbb3ade52cfd43
                                • Instruction Fuzzy Hash: 409191B7A246808FD354CF19E440A4ABBA4F3C8B48F51E615EF8593B14E739DA06CF40
                                Function 00007FF76D6AEB50 Relevance: .2, Instructions: 207COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: 8d80873ac15429934d4afb07094e68f7099b14570073c19eee78c38702d7cc11
                                • Instruction ID: 9f6ace4af0c56ec48e61e3f592fc2fc9e66afeb5177586823f515a356173b9a0
                                • Opcode Fuzzy Hash: 8d80873ac15429934d4afb07094e68f7099b14570073c19eee78c38702d7cc11
                                • Instruction Fuzzy Hash: 6781B232F18A51C5EB60EE25C49137D63A2FB44BD8F844636DE6E87B96EF38D4458310
                                Function 00007FF76D697CAC Relevance: .2, Instructions: 198COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 03f10e5c36d2c90e3e843d3ee526e322415ff32a223bae658752ee0c55110d05
                                • Instruction ID: b72552a8706b69aa905cb40269c12c7a94a1fae115a59014534fba180b3e8c12
                                • Opcode Fuzzy Hash: 03f10e5c36d2c90e3e843d3ee526e322415ff32a223bae658752ee0c55110d05
                                • Instruction Fuzzy Hash: AD81E272E2C782C5E764DB19A44037AB693FB457D4F904235DA8D4BB99EE3CE8088B10
                                Function 00007FF76D63CB90 Relevance: .2, Instructions: 190COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5ec938e2278b14a04dbb626e947d484f460c30e86730ef98d8f8e7ce8a528cec
                                • Instruction ID: b050eb0058eb12cd341e5baaf3b64476ddf112b6ab2799f52395b4ad8f9a294b
                                • Opcode Fuzzy Hash: 5ec938e2278b14a04dbb626e947d484f460c30e86730ef98d8f8e7ce8a528cec
                                • Instruction Fuzzy Hash: ED61CA72F296A9C2EE209B1DD4455B8A362FB547D4F87A231EA5E07784EF7CE180C310
                                Function 00007FF76D68DAC4 Relevance: .1, Instructions: 137COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
                                • Instruction ID: 48f0836d6c0cef8f2d4e09406eeaf5ed7f4909c3b1dc80cfc0bc3be4b8e962d5
                                • Opcode Fuzzy Hash: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
                                • Instruction Fuzzy Hash: 465196B3E2C551CAE728AF25D05433CA762EB95BA8F540136CE4917799EF28EC41CB70
                                Function 00007FF76D68D6F4 Relevance: .1, Instructions: 137COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 15eac905c6263da8fcd042729b4cf6c2eac0663125a33ca76778ac8e5de10585
                                • Instruction ID: 5b7ca40877f13df9d0e80e944129583a3599f21ad03e5611d8a06af7bbcefc01
                                • Opcode Fuzzy Hash: 15eac905c6263da8fcd042729b4cf6c2eac0663125a33ca76778ac8e5de10585
                                • Instruction Fuzzy Hash: 72518476E2C551CAE728AF28C05433CA762EB95B98F544136CE4D17799EF28EC42CB70
                                Function 00007FF76D63FDF9 Relevance: 37.2, APIs: 10, Strings: 11, Instructions: 427COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: *$/$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                • API String ID: 0-1642088037
                                • Opcode ID: 4955307820b7bf9e95779d9d6c0d7a91414760f1bd60af515bdb3cc33e576e82
                                • Instruction ID: 14bc237f7ca4a1761eab19ac8ac063716230e71e42cfd8191f41e181567c3126
                                • Opcode Fuzzy Hash: 4955307820b7bf9e95779d9d6c0d7a91414760f1bd60af515bdb3cc33e576e82
                                • Instruction Fuzzy Hash: FE129662E2CA86D4EB60EF24D8442E9A362FF447C8FC49432D65D07AA5FE7CD599C310
                                Function 00007FF76D63FD10 Relevance: 35.3, APIs: 11, Strings: 9, Instructions: 341COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                • API String ID: 0-2490624340
                                • Opcode ID: d5d9abe7fd30bb05289e982250562a2d0cc516ea7e00891d84855f64588a5f90
                                • Instruction ID: f8ac53b032802774504873840b35ebd599a5e34e74ec3d686eacf692727f3e79
                                • Opcode Fuzzy Hash: d5d9abe7fd30bb05289e982250562a2d0cc516ea7e00891d84855f64588a5f90
                                • Instruction Fuzzy Hash: DBF14122E2CA86D4EB60EF24E8542E9A362FB543C8FC45532E65D069A5FF7CD199C310
                                Function 00007FF76D662B90 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 137COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: .exe$.exe$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas$temp_directory_path
                                • API String ID: 3668304517-3845196099
                                • Opcode ID: f65187cc1a08519a886eb721e53edc390a223561ecd8446332388138ded36300
                                • Instruction ID: b398a7586b8707a3c49eb8f1f819fe386e5299b3efce2d160d43989734491823
                                • Opcode Fuzzy Hash: f65187cc1a08519a886eb721e53edc390a223561ecd8446332388138ded36300
                                • Instruction Fuzzy Hash: 0A518322F2DA81C4FB10EBA4D4401BDA772AF487D4F985635DE5C23A99FF78E4818320
                                Function 00007FF76D6910DC Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Value$ErrorLast$Heap$AllocFree
                                • String ID:
                                • API String ID: 570795689-0
                                • Opcode ID: 5c63d7d18e4e6ebad16c3a7f6c7ebd9b6b334e9cfda971f594c1aa4185fbf8d7
                                • Instruction ID: 7a1261ab9d1453454d1504df122a1a4c0c973fefadff63ed4be8715af9e03e69
                                • Opcode Fuzzy Hash: 5c63d7d18e4e6ebad16c3a7f6c7ebd9b6b334e9cfda971f594c1aa4185fbf8d7
                                • Instruction Fuzzy Hash: 06415E24E2C603C1FA68B36199511B9D2475F887F0FA847B9E93D4F6D6FE6CBC418224
                                Function 00007FF76D688EE8 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 415COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID: 0$0$0$0
                                • API String ID: 3215553584-3558443385
                                • Opcode ID: d608b9ccb3a1d19eeeea9c07fe447e196d3edbd60470f6c5e29c92132ad38802
                                • Instruction ID: bd6ab183432421755300aca8694e64cb732821c9aff63fb5b9d78c407d211758
                                • Opcode Fuzzy Hash: d608b9ccb3a1d19eeeea9c07fe447e196d3edbd60470f6c5e29c92132ad38802
                                • Instruction Fuzzy Hash: 1DF1D732D2D686C9F761AE1584542BDBBA2AB56BC8FC48033C78D477D2EE2D94558330
                                Function 00007FF76D655DC0 Relevance: 17.9, APIs: 5, Strings: 5, Instructions: 365COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
                                • API String ID: 3668304517-4239264347
                                • Opcode ID: 4681162154355e39811ff480a9e67447bde77904a510e332cb30c837dcb95219
                                • Instruction ID: 84a606573a117e880507be6dabaf2c324cc64534696710650c73cca2e11c3b2e
                                • Opcode Fuzzy Hash: 4681162154355e39811ff480a9e67447bde77904a510e332cb30c837dcb95219
                                • Instruction Fuzzy Hash: 8AF1B072F28681C8FB10EBA5D4443AC6B73AB007A8FA15235DE1C17AD9EF7890C5C350
                                Function 00007FF76D6AC564 Relevance: 16.7, APIs: 11, Instructions: 171COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handle$Create
                                • String ID:
                                • API String ID: 45822711-0
                                • Opcode ID: ac255b92f54e0decef66a81c590786349c7e4f825fb4b82c92da3dc8683901ab
                                • Instruction ID: 7527bf6c27250a0dd0da3866a65ca038692dbc1e957ede4d483e816430e8cd30
                                • Opcode Fuzzy Hash: ac255b92f54e0decef66a81c590786349c7e4f825fb4b82c92da3dc8683901ab
                                • Instruction Fuzzy Hash: 3761E539F2C642C9F720EB7548145BCA7A26B457E8F9D1234CD6B56ED8EF2CE4018720
                                Function 00007FF76D61F690 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 279COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FF76D6ABDE8: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF76D63DE88,?,?,?,?,?,00000000,FFFFFFFF,?,?,00007FF76D621F0A), ref: 00007FF76D6ABDFA
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76D61F8F0
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76D61F8F6
                                • __std_exception_destroy.LIBVCRUNTIME ref: 00007FF76D61F987
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_exception_destroy
                                • String ID: ", "$: "
                                • API String ID: 397665139-747220369
                                • Opcode ID: 4808c2f4d7ba51b5eba26e56e868f074b75028db4d12b02ae2aae601284c77e8
                                • Instruction ID: b91f7952dfe516b77b21d52d455987c6fe07c1e9bda130e1e609c86c2b523d35
                                • Opcode Fuzzy Hash: 4808c2f4d7ba51b5eba26e56e868f074b75028db4d12b02ae2aae601284c77e8
                                • Instruction Fuzzy Hash: D8A1AE72F28A41C5EB00EF69E4543ADA362EB48BC8F908531DA5D07B9AEF7CD495C350
                                Function 00007FF76D66CB80 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 173COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                • String ID: bad locale name$false$true
                                • API String ID: 164343898-1062449267
                                • Opcode ID: 5d1174ca7e0bab63a7590be40b9ba473c4e59d368f8aee5d261ff5225ac7570d
                                • Instruction ID: c871ab244ad78d39e6e511bd67bac0fdbe974a750a4e02094efc99610489fd15
                                • Opcode Fuzzy Hash: 5d1174ca7e0bab63a7590be40b9ba473c4e59d368f8aee5d261ff5225ac7570d
                                • Instruction Fuzzy Hash: CA716022E1DB41CAEB10EFA1E4502AD77B6EF84784F550134DE8D27A95EF38E425C364
                                Function 00007FF76D665850 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 475COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                • String ID: No such argument:
                                • API String ID: 3936042273-4085609673
                                • Opcode ID: 79abb65eb93aa6a136fdcb700339065af4210c5badc938cf3c7f1f184e35faa3
                                • Instruction ID: eb414e5b720c1e938aeab9836d87d4c65712fae9fba271848e0ceb18a620aa5a
                                • Opcode Fuzzy Hash: 79abb65eb93aa6a136fdcb700339065af4210c5badc938cf3c7f1f184e35faa3
                                • Instruction Fuzzy Hash: 16129172F2C6C1C5FB10ABA5D4053BDA372AB487E8F844635DE5C27ADAEE78D1808351
                                Function 00007FF76D694BE4 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • FreeLibrary.KERNEL32(?,00000000,00007FF76D695292,?,?,00000030,00007FF76D69BF50,?,?,?,?,?,?,?), ref: 00007FF76D694D63
                                • GetProcAddress.KERNEL32(?,00000000,00007FF76D695292,?,?,00000030,00007FF76D69BF50,?,?,?,?,?,?,?), ref: 00007FF76D694D6F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: AddressFreeLibraryProc
                                • String ID: api-ms-$ext-ms-
                                • API String ID: 3013587201-537541572
                                • Opcode ID: ea1db75ad569a1f751d6f236fcb11e3532b51c7e1c493ad09dd3763442c21a1b
                                • Instruction ID: 250fb1c41179cd6cede11d52f9a38180c07797446e22b1848ba2ea518504e5b1
                                • Opcode Fuzzy Hash: ea1db75ad569a1f751d6f236fcb11e3532b51c7e1c493ad09dd3763442c21a1b
                                • Instruction Fuzzy Hash: D041C425F2DA03C1EB11AB16A8041B5A397BF49BE0F884135DD2D8B794FE7CF8498264
                                Function 00007FF76D636F90 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 174COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                • String ID: other_error
                                • API String ID: 1944019136-896093151
                                • Opcode ID: 4b15cb577bf646d70d5b569f81aeae6c6e8bfd0d5b8ad027f23cd0faa020be58
                                • Instruction ID: 0f50f9f4e94541c612f57282cad72bce57ba001b053af13716d57d0b1b3c3a11
                                • Opcode Fuzzy Hash: 4b15cb577bf646d70d5b569f81aeae6c6e8bfd0d5b8ad027f23cd0faa020be58
                                • Instruction Fuzzy Hash: 6B718362F28B46C5FB00DF75D4503ED6362AB553D8F809331DA5C16AD9FE789195C310
                                Function 00007FF76D65B9F0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 174COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                • String ID: out_of_range
                                • API String ID: 1944019136-3053435996
                                • Opcode ID: 2e5b05abdf5ab5c2e7fc40b45ad401c18c58e3f5f029ac3bdc37ca94060cc540
                                • Instruction ID: f726beb57a8aac2cf33efc656165706c06e65e0980a009b1a16967f95cf75cec
                                • Opcode Fuzzy Hash: 2e5b05abdf5ab5c2e7fc40b45ad401c18c58e3f5f029ac3bdc37ca94060cc540
                                • Instruction Fuzzy Hash: 04718062F28B86C8FB00DF78D4503EDA362AB553D8F809731DA5C16AD9FE78A195C310
                                Function 00007FF76D6A2E64 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                • String ID: CONOUT$
                                • API String ID: 3230265001-3130406586
                                • Opcode ID: 3e87a9d24b09cb7ed727a1284b1e7e38199b0e79d20510dbc5928c805aadcfb1
                                • Instruction ID: ec2c721d3c46a9f22c3211df07d41714d397cabbee79bde8218fa63216863ca7
                                • Opcode Fuzzy Hash: 3e87a9d24b09cb7ed727a1284b1e7e38199b0e79d20510dbc5928c805aadcfb1
                                • Instruction Fuzzy Hash: 4411B431E2CB41C2E3609B56E854325A3A2FB58FE0F440234EA5D83BA4EF7CD8008B50
                                Function 00007FF76D6ADEE4 Relevance: 9.2, APIs: 6, Instructions: 240COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ByteCharMultiWide$CompareInfoString
                                • String ID:
                                • API String ID: 2984826149-0
                                • Opcode ID: 1f222af0314fcbf6c58ca9d58d599dac593cbc3de6a245fd672c9df98935204f
                                • Instruction ID: 8bbd51e9b1ab77624479f57c5266fa535c852aa7f5f02b3444face72b53305a7
                                • Opcode Fuzzy Hash: 1f222af0314fcbf6c58ca9d58d599dac593cbc3de6a245fd672c9df98935204f
                                • Instruction Fuzzy Hash: D1A1A322F2C692C5EB30AB1594503BAA793AF447E4F8C4231D99D46FD6FE7CE8508720
                                Function 00007FF76D6ADB88 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ByteCharMultiStringWide
                                • String ID:
                                • API String ID: 2829165498-0
                                • Opcode ID: 1f3243329c99890ad18f8a7cec79f33d9315a9a6983336c811db799711a53098
                                • Instruction ID: ce326a933d4556dd793e5f44740b3deda4b6be39c68a12c03f8bac0d8434d3ec
                                • Opcode Fuzzy Hash: 1f3243329c99890ad18f8a7cec79f33d9315a9a6983336c811db799711a53098
                                • Instruction Fuzzy Hash: E1816272A28742C6EB60AF119440369A692FB94BE8F980235EE9D17BD4FF7CD8458710
                                Function 00007FF76D671A50 Relevance: 9.0, APIs: 6, Instructions: 41COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                • String ID:
                                • API String ID: 4268643673-0
                                • Opcode ID: 30679f12dbbd152e61c0fe2a4bbedbaa7e9dfe4d4c4f42536384a88b64d7b78a
                                • Instruction ID: b84fb640ab520dbd2dd26507917c7d254af847277a587794c9b48f491dee5d75
                                • Opcode Fuzzy Hash: 30679f12dbbd152e61c0fe2a4bbedbaa7e9dfe4d4c4f42536384a88b64d7b78a
                                • Instruction Fuzzy Hash: 1F112B32D29B52C5EB10AF25E850068B3A9FF44FA4B984236DA5D026B4EF3DD896C750
                                Function 00007FF76D6380E0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 172COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::__invalid_parameter_noinfo_noreturn
                                • String ID: bad locale name
                                • API String ID: 818938248-1405518554
                                • Opcode ID: 9b8325ff8bc74863a41d4be75a682b880fe8c1739dd87e699f09f246b040dfe4
                                • Instruction ID: 30e0e89b40a835f0ca70f409c8cea13278d0760a92244bb3e49031f69f6624f5
                                • Opcode Fuzzy Hash: 9b8325ff8bc74863a41d4be75a682b880fe8c1739dd87e699f09f246b040dfe4
                                • Instruction Fuzzy Hash: 08719E22F19B41CAFB10EFB0D4503EC7362AF44B98F845135DE5D67AA9EE38D45183A4
                                Function 00007FF76D67A650 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101registryCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: Open
                                • String ID: ?
                                • API String ID: 71445658-1684325040
                                • Opcode ID: d7e1ae92a0908e142731b4cf36fff3df5c3d7e532b959394d8cd6afee606e306
                                • Instruction ID: 58b92e419ee663d2934fff1e763964406ea3c9aa1cc57a10a57549cef48d1f42
                                • Opcode Fuzzy Hash: d7e1ae92a0908e142731b4cf36fff3df5c3d7e532b959394d8cd6afee606e306
                                • Instruction Fuzzy Hash: F541B332E2C785C1EB10DB25F44476AB362FB947D4F901235EA9D02A99EF7CD084CB40
                                Function 00007FF76D68FB88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: AddressFreeHandleLibraryModuleProc
                                • String ID: CorExitProcess$mscoree.dll
                                • API String ID: 4061214504-1276376045
                                • Opcode ID: e91dbd054835129bd37fca78440ae2e4d78f62940abb7a5c67c7a2dd2baeef04
                                • Instruction ID: 68283c4521f38640fafc15d7cacd7d7c9266762e53753d66575de3633dcf3324
                                • Opcode Fuzzy Hash: e91dbd054835129bd37fca78440ae2e4d78f62940abb7a5c67c7a2dd2baeef04
                                • Instruction Fuzzy Hash: 59F06265F2DA02C1EB20AB24E459379A362EF897E5FD40635C66E466F4EF3CD044CB60
                                Function 00007FF76D689524 Relevance: 7.7, APIs: 5, Instructions: 157COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: ba78767d69c567f9d7c1615b8af23bd7b3554ffd0ebaa4639307bd7a69fb353b
                                • Instruction ID: 9c5a54ee198763b96e5f75d7c572e846fe1b523f57c36e755191374466aba420
                                • Opcode Fuzzy Hash: ba78767d69c567f9d7c1615b8af23bd7b3554ffd0ebaa4639307bd7a69fb353b
                                • Instruction Fuzzy Hash: 90519722D2D746C6F7526F25A45027DBBD6AF51B8CFC88032C68D07346EE2D9445C732
                                Function 00007FF76D63A600 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 289COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                • String ID: 0:
                                • API String ID: 3936042273-4252728285
                                • Opcode ID: 4d6422c0ed559fec9df3e2ec1cab29afe91ce2d7270e1fdc8ef3114d2a04624e
                                • Instruction ID: f043ef423a8ea8110bf1ae4b5cbf17851affbac8457f7926ee10b63665efac36
                                • Opcode Fuzzy Hash: 4d6422c0ed559fec9df3e2ec1cab29afe91ce2d7270e1fdc8ef3114d2a04624e
                                • Instruction Fuzzy Hash: 61C17C32E28B818AEB10DF65E8402ADB3B5F759798F455635DF8D13B59EF78E0A08310
                                Function 00007FF76D647080 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 246COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                • API String ID: 0-1866435925
                                • Opcode ID: ec5111274b0a19fe5499515a09df4fafe80ec9ab2c4b91590fe775fc4f3bae1c
                                • Instruction ID: 5ecb8bc82093d9115bf8221ed8d539628b819b7831aa44cd40fa81934b531a56
                                • Opcode Fuzzy Hash: ec5111274b0a19fe5499515a09df4fafe80ec9ab2c4b91590fe775fc4f3bae1c
                                • Instruction Fuzzy Hash: F9919C72E28A85C1EB14DB11E45836EB366FB44BC4FA48432EA9D47B94EF38C495C390
                                Function 00007FF76D665F90 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 216COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: Optional arguments:$Positional arguments:$Subcommands:
                                • API String ID: 3668304517-2031040180
                                • Opcode ID: 64d2db2aadb8d65ec33f7ec2082bb7302e0c41f167e730c8a20a573962193ca2
                                • Instruction ID: 36872285867f07e852bc2752a1971da1c4c2f76bd899de5e840e09b48e43be42
                                • Opcode Fuzzy Hash: 64d2db2aadb8d65ec33f7ec2082bb7302e0c41f167e730c8a20a573962193ca2
                                • Instruction Fuzzy Hash: 2AA18B62E2CA81C1EB14EB95E4403BDA763EB44BC4F849036DA0D17796EF7CD585C3A1
                                Function 00007FF76D672CC0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 156COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: CurrentDirectory__std_exception_copy__std_fs_get_current_path_invalid_parameter_noinfo_noreturn
                                • String ID: --type$current_path()
                                • API String ID: 2526998938-584980331
                                • Opcode ID: 545f012f757a79460f80532e936a5fb941bcb4a6abbea2a18c132f2fa72ec685
                                • Instruction ID: 3d3b21c07f986a55a8f764b777957c3c2f19cf6ce9b7a9c3dbd9a72b362bd3ff
                                • Opcode Fuzzy Hash: 545f012f757a79460f80532e936a5fb941bcb4a6abbea2a18c132f2fa72ec685
                                • Instruction Fuzzy Hash: 0C519162F24755C9FB20DBB4D8406AC77B2FB48798F904235EE5967B98EF389485C310
                                Function 00007FF76D667E8A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 59COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ExitProcess$InitializeMutexOpen
                                • String ID: --key$--type$APPB:
                                • API String ID: 3710457153-2541764812
                                • Opcode ID: f0dad4a55aebe92829e22db305535894228dfd5e9c5921f9cb9629a2b4d59aba
                                • Instruction ID: b26028075e382b3a1ae0935c4085062a346c0aed75d5246b76da192de9b47167
                                • Opcode Fuzzy Hash: f0dad4a55aebe92829e22db305535894228dfd5e9c5921f9cb9629a2b4d59aba
                                • Instruction Fuzzy Hash: DD214D21E2CAC6E1EA21BB60E4512FAE362EF943C4FC05031D68D5799AFF6CD549C750
                                Function 00007FF76D6ABD98 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: AddressHandleModuleProc
                                • String ID: GetTempPath2W$kernel32.dll
                                • API String ID: 1646373207-1846531799
                                • Opcode ID: 6f9f3995978003d1ccc8dec992d9ad662db8d21aec809d3de5c822f6ec52e1f4
                                • Instruction ID: 9f8def26436b2a5d09bb9bb6c7caf500501cdeb7c676bbf57d90f22f3bbc69c5
                                • Opcode Fuzzy Hash: 6f9f3995978003d1ccc8dec992d9ad662db8d21aec809d3de5c822f6ec52e1f4
                                • Instruction Fuzzy Hash: E9E0ED61F2CE42C1EA15AB05F954065A362EF487C0B888035D90D47334EE3CD4558B20
                                Function 00007FF76D6B3E38 Relevance: 6.2, APIs: 4, Instructions: 159COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo$_get_daylight
                                • String ID:
                                • API String ID: 72036449-0
                                • Opcode ID: 7f2af6dd734c9f49134f5f6cb4caa58708795f3dc7952dab5fe11fe3ab74a09c
                                • Instruction ID: 9e08211834f7f6b8b5a307d040b05ccc03bd1454516d486a65d98e5f639ea77e
                                • Opcode Fuzzy Hash: 7f2af6dd734c9f49134f5f6cb4caa58708795f3dc7952dab5fe11fe3ab74a09c
                                • Instruction Fuzzy Hash: D151D332F2C203C7F7697A289500379EEA6EF40394F994436DA4D462D6FE7CE8608671
                                Function 00007FF76D63DD8E Relevance: 6.1, APIs: 4, Instructions: 148COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 60a9753c5dd5aaecb0f08403194d8510e73776db33929aef7eaf97357db8d0d5
                                • Instruction ID: abcf0588383ca8f4b17fb7c54f00e3ea44fcdcc5d446c21a2c854372f8ff33cf
                                • Opcode Fuzzy Hash: 60a9753c5dd5aaecb0f08403194d8510e73776db33929aef7eaf97357db8d0d5
                                • Instruction Fuzzy Hash: 2B411922F2C64686EA24AF25A440279E292AF917D4F481634EF9D07BD6FF7CE0918710
                                Function 00007FF76D655A80 Relevance: 6.1, APIs: 4, Instructions: 147COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID:
                                • API String ID: 3668304517-0
                                • Opcode ID: c8d8352de661bcc564db49fef8c4ac3b9240e22af63d4045dcd91f7aa2624c67
                                • Instruction ID: 1ae26c7906c9d33f4391eaa6409f641e3633b32d57813cfcedf41dcec5cf850e
                                • Opcode Fuzzy Hash: c8d8352de661bcc564db49fef8c4ac3b9240e22af63d4045dcd91f7aa2624c67
                                • Instruction Fuzzy Hash: D4518C72B29B85C1EE04EF64E05827CA366FB44FD4F944636DA9C07A99EF2CD4A0C340
                                Function 00007FF76D631D90 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                • String ID:
                                • API String ID: 3698853521-0
                                • Opcode ID: cd937c2163436b9fb287f8dcd4740911990055bdb6793be5d7727d4a2ed8b4cb
                                • Instruction ID: 4fd658e15c241975651562ff5639029649df6f70da0e7935bcdbfa76b9362b24
                                • Opcode Fuzzy Hash: cd937c2163436b9fb287f8dcd4740911990055bdb6793be5d7727d4a2ed8b4cb
                                • Instruction Fuzzy Hash: 4A416136E2CB41C1EA10EB15E4502BAB3A6FB44BD0F991531EA9D43795EF7CE451C720
                                Function 00007FF76D633BC0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                • String ID:
                                • API String ID: 1168246061-0
                                • Opcode ID: 0369a9c64f1772f6bca1fded505bf389f4c46f7af8db3148ec6ac7e1e0e24fe9
                                • Instruction ID: 5184421119845be54d9140d86ba149302f6148b92b1ad489e682afb733a134c8
                                • Opcode Fuzzy Hash: 0369a9c64f1772f6bca1fded505bf389f4c46f7af8db3148ec6ac7e1e0e24fe9
                                • Instruction Fuzzy Hash: 47416525E2CA41C1EA15EB19E4402B9A362FB84BD4F8D1531EA9D47BA5EF7CE441C720
                                Function 00007FF76D66C6F0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                • String ID:
                                • API String ID: 1168246061-0
                                • Opcode ID: e9aed6b30e84fad8b38908f104a3c73bb54b038ef3e6a91cf5d8b68b06daa922
                                • Instruction ID: 85d7004932d70cda3b4128064679fd5ca020e72d8e1d9ee9c18b7e5c5b6026a7
                                • Opcode Fuzzy Hash: e9aed6b30e84fad8b38908f104a3c73bb54b038ef3e6a91cf5d8b68b06daa922
                                • Instruction Fuzzy Hash: 5C416235E2DE42C1EA10EF55E4402B9AB62FB48BD4F9D0131DA8E576A5EE3CE441C721
                                Function 00007FF76D66C5A0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                • String ID:
                                • API String ID: 1168246061-0
                                • Opcode ID: 5a318f1a63269f86f6f01977b281ee29954bdc37aff602f150dafae79cdb3a6a
                                • Instruction ID: ef3353598764f355c56604397967347564a687c471ee1e98959de7a046c52681
                                • Opcode Fuzzy Hash: 5a318f1a63269f86f6f01977b281ee29954bdc37aff602f150dafae79cdb3a6a
                                • Instruction Fuzzy Hash: 77418425E2DE42C1EA10EF55E4502B9A762FB48BD4F891131DB8E876A5EE3CE441C721
                                Function 00007FF76D6ABF7C Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ByteCharErrorLastMultiWide
                                • String ID:
                                • API String ID: 203985260-0
                                • Opcode ID: a35a7af96b277efd2b3ef8961dad066aa662e8996eab021f8be0da18f0958b31
                                • Instruction ID: b6bbdd75c4002778dbd7a4571d5da5626b42696b6308865ecd07ff3bd4ce9084
                                • Opcode Fuzzy Hash: a35a7af96b277efd2b3ef8961dad066aa662e8996eab021f8be0da18f0958b31
                                • Instruction Fuzzy Hash: 36212976A28B95C6E3609F16E44432EBBB5F788BC4F640138DB8953B64EF3DD8118B50
                                Function 00007FF76D6ABD20 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ErrorFileHandleInformationLast
                                • String ID:
                                • API String ID: 275135790-0
                                • Opcode ID: ef666a5330756d5a635ca31cfb1b723dc77e2aec855cfe130d87bc9277cbf906
                                • Instruction ID: bae13f3df7053ab3ac4a50aa1b9c5983a34b0242a07d069a62fd32f7593c5f10
                                • Opcode Fuzzy Hash: ef666a5330756d5a635ca31cfb1b723dc77e2aec855cfe130d87bc9277cbf906
                                • Instruction Fuzzy Hash: BCF0D631E3C542C2F7A4BB7894686B8A792DF057C0F980134C58A42DA4FF3DE9888720
                                Function 00007FF76D64B520 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00007FF76D63DD8E: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF76D63DEDD
                                  • Part of subcall function 00007FF76D63DD8E: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF76D63DF15
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76D64B741
                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76D64B747
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: __std_fs_convert_narrow_to_wide_invalid_parameter_noinfo_noreturn
                                • String ID: exists
                                • API String ID: 522447391-2996790960
                                • Opcode ID: a6848dfe8cbe46310abd85f92e8c869361070070a400ed4726469f5d07cfcf06
                                • Instruction ID: 7703a77fa49835e49cc099a1e4cdc3d3eb29a89257833314c6c6ceab2e8cd2af
                                • Opcode Fuzzy Hash: a6848dfe8cbe46310abd85f92e8c869361070070a400ed4726469f5d07cfcf06
                                • Instruction Fuzzy Hash: DB517172F28A42C9EB00EFA9D4442EC7323EB487E8F809635DA5D17A99EE38D155C350
                                Function 00007FF76D66CDF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                • String ID: bad locale name
                                • API String ID: 3988782225-1405518554
                                • Opcode ID: 1ad9c77ffd22072e2417aa3a4302156ab4d7865e908e4005bab9a5b36d6378d2
                                • Instruction ID: 66c18543cdd97b08ac055401ac4759bac69a91f0bc3a71de05079f9032a1c81b
                                • Opcode Fuzzy Hash: 1ad9c77ffd22072e2417aa3a4302156ab4d7865e908e4005bab9a5b36d6378d2
                                • Instruction Fuzzy Hash: 18516C32F29A41C9EB10EFB0E4902B8B775EF54B88F880435EA4E26A55EE38D555C364
                                Function 00007FF76D699C24 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                • String ID: ?
                                • API String ID: 1286766494-1684325040
                                • Opcode ID: 474fd3e1ec55746607e6cbbec746fddb0031a9f286cfcaa57028f77b386b185d
                                • Instruction ID: dc348cd32eb8997cccdd8e8dc8e87436f04849982c46103880e7308a76f23732
                                • Opcode Fuzzy Hash: 474fd3e1ec55746607e6cbbec746fddb0031a9f286cfcaa57028f77b386b185d
                                • Instruction Fuzzy Hash: 5F410812E2C743C6FB24AB259441379E6A3EB80BE8F545276EE5C0AAD5EF3CD845C710
                                Function 00007FF76D693E14 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: ErrorFileLastWrite
                                • String ID: U
                                • API String ID: 442123175-4171548499
                                • Opcode ID: bee17eca91563b03ee591555d47daf55e6df060aa8ca0c42c3912dffb49774b0
                                • Instruction ID: fb87325200e463e4956424805e88442a1153f82a92aad7f905ef5733d3d21620
                                • Opcode Fuzzy Hash: bee17eca91563b03ee591555d47daf55e6df060aa8ca0c42c3912dffb49774b0
                                • Instruction Fuzzy Hash: D2418222A2CA42C1DB60AF65E4443A9A7A2FB987D4F854031EE4D87B58EF3CD841C750
                                Function 00007FF76D66B870 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 89COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo_noreturn
                                • String ID: false$true
                                • API String ID: 3668304517-2658103896
                                • Opcode ID: efb35b21473e905b062275266f2c6b4fc1117c4455827efe1fd332045f7f9afa
                                • Instruction ID: bf2d4e6cc1cd2caed597f7258ed7a6888e5f19282f2a5213773213439df3e0cc
                                • Opcode Fuzzy Hash: efb35b21473e905b062275266f2c6b4fc1117c4455827efe1fd332045f7f9afa
                                • Instruction Fuzzy Hash: E8417263F28B85D9FB00DFB8D4403EC6372AB69398F845331EA5C126D9EE689195C310
                                Function 00007FF76D698F98 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2033526040.00007FF76D5F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF76D5F0000, based on PE: true
                                • Associated: 00000000.00000002.2033489908.00007FF76D5F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033639501.00007FF76D6C8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033682785.00007FF76D6F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033712410.00007FF76D6F6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033744845.00007FF76D6F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000000.00000002.2033779710.00007FF76D6FD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ff76d5f0000_mSLEwIfTGL.jbxd
                                Similarity
                                • API ID: _set_errno_from_matherr
                                • String ID: exp
                                • API String ID: 1187470696-113136155
                                • Opcode ID: 4150a5858f8c1529622c9a3be3afac75e5a34536c3a73a8c8f4fb5056da0edb7
                                • Instruction ID: 2f5b835163cb35e272a7001a36e3d1687e2e0fc462473b5f72fca0e9920fd9e2
                                • Opcode Fuzzy Hash: 4150a5858f8c1529622c9a3be3afac75e5a34536c3a73a8c8f4fb5056da0edb7
                                • Instruction Fuzzy Hash: 69212D36E28616CEE750DF78D4406AD77B2FB48788F801535FA0D96B49EF38E9418B50