Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1543491
MD5: eab6ffe7b3ed8b11859e3c2858cb1b48
SHA1: c825fcb349ed78c6fe437605ef17a9c1ab76fc32
SHA256: ddff18268a87a6d5200836c3219ba973a0e1a60135d5e543cf06d315348ab71b
Tags: exe, user-Bitsight

Detection

CredGrabber, Meduza Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Sets debug register (to hijack the execution of another thread)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 5748 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EAB6FFE7B3ED8B11859E3C2858CB1B48)
    • conhost.exe (PID: 4920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 3548 cmdline: "C:\Windows\System32\attrib.exe" MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
  • cleanup
{"C2 url": "176.124.204.206", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "mob2", "links": "", "port": 15666}
Source | Rule | Description | Author | Strings
00000002.00000002.2249385777.000001CBC4B34000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
Process Memory Space: attrib.exe PID: 3548 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
Process Memory Space: attrib.exe PID: 3548 | JoeSecurity_CredGrabber | Yara detected CredGrabber | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-28T01:34:15.307850+0100 | 2049441 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP
2024-10-28T01:34:15.307850+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP
2024-10-28T01:34:15.313555+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP
2024-10-28T01:34:15.307850+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP
2024-10-28T01:34:15.313555+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP

AV Detection

Source: 0.2.file.exe.7ff684ca4000.1.raw.unpack | Malware Configuration Extractor: Meduza Stealer {"C2 url": "176.124.204.206", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt", "build_name": "mob2", "links": "", "port": 15666}
Source: file.exe | ReversingLabs: Detection: 13%
Source: file.exe | Virustotal: Detection: 13%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
Source: file.exe | Joe Sandbox ML: detected
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_0000000140073B40 CryptUnprotectData,LocalFree,2_2_0000000140073B40
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_0000000140038060 CryptUnprotectData,LocalFree,2_2_0000000140038060
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_00000001400D7090 CryptUnprotectData,2_2_00000001400D7090
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_00000001400D7098 CryptProtectData,2_2_00000001400D7098
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_0000000140073E40 CryptProtectData,LocalFree,2_2_0000000140073E40
Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: file.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_0000000140037350 FindFirstFileW,FindNextFileW,2_2_0000000140037350
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_00000001400BB6BC FindClose,FindFirstFileExW,GetLastError,2_2_00000001400BB6BC
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_00000001400BB76C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,2_2_00000001400BB76C
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_00000001400D7100 FindFirstFileW,2_2_00000001400D7100
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_0000000140082D90 GetLogicalDriveStringsW,2_2_0000000140082D90
Source: C:\Windows\System32\attrib.exe | File opened: D:\sources\migration\
Source: C:\Windows\System32\attrib.exe | File opened: D:\sources\replacementmanifests\
Source: C:\Windows\System32\attrib.exe | File opened: D:\sources\migration\wtr\
Source: C:\Windows\System32\attrib.exe | File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
Source: C:\Windows\System32\attrib.exe | File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
Source: C:\Windows\System32\attrib.exe | File opened: D:\sources\replacementmanifests\hwvid-migration-2\

Networking

Source: Network traffic | Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.6:49710 -> 176.124.204.206:15666
Source: Network traffic | Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.6:49710 -> 176.124.204.206:15666
Source: global traffic | TCP traffic: 192.168.2.6:49710 -> 176.124.204.206:15666
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Accept: text/html; text/plain; */*
    Host: api.ipify.org
    Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 176.124.204.206
Source: Joe Sandbox View | IP Address: 172.67.74.152
Source: Joe Sandbox View | ASN Name: GULFSTREAMUA
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | DNS query: name: api.ipify.org
Source: Network traffic | Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.6:49710 -> 176.124.204.206:15666
Source: unknown | TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_0000000140080480 recv,recv,closesocket,WSACleanup,2_2_0000000140080480
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_0000000140081580 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,2_2_0000000140081580
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_0000000140086060 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,2_2_0000000140086060
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_00000001400D76C0 NtQuerySystemInformation,2_2_00000001400D76C0
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_00000001400D76D0 NtAllocateVirtualMemory,LdrEnumerateLoadedModules,2_2_00000001400D76D0
Source: C:\Windows\System32\attrib.exe | Code function: 2_2_0000000140085920 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,2_2_0000000140085920
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400784902_2_0000000140078490
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400745202_2_0000000140074520
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014009652C2_2_000000014009652C
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400A25782_2_00000001400A2578
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014009A5CC2_2_000000014009A5CC
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400665D02_2_00000001400665D0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014006E5F02_2_000000014006E5F0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400975F42_2_00000001400975F4
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014008D60A2_2_000000014008D60A
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014009263C2_2_000000014009263C
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400A66342_2_00000001400A6634
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014006A6602_2_000000014006A660
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400967142_2_0000000140096714
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400A07642_2_00000001400A0764
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014004E7A92_2_000000014004E7A9
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400A97C42_2_00000001400A97C4
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400318202_2_0000000140031820
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014007C8402_2_000000014007C840
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014004C8702_2_000000014004C870
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400069002_2_0000000140006900
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014006E9102_2_000000014006E910
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400299B02_2_00000001400299B0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400269C02_2_00000001400269C0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014007E9E32_2_000000014007E9E3
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014007E9F32_2_000000014007E9F3
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140027A002_2_0000000140027A00
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140094A502_2_0000000140094A50
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400A2B002_2_00000001400A2B00
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400A7B082_2_00000001400A7B08
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140092B342_2_0000000140092B34
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140071B802_2_0000000140071B80
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140079BD02_2_0000000140079BD0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014006EC302_2_000000014006EC30
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014009FC342_2_000000014009FC34
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014005CD2D2_2_000000014005CD2D
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140070D502_2_0000000140070D50
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140096D5C2_2_0000000140096D5C
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140076D602_2_0000000140076D60
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014003CDE02_2_000000014003CDE0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400AAE2C2_2_00000001400AAE2C
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140039E392_2_0000000140039E39
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140031E502_2_0000000140031E50
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140071EB02_2_0000000140071EB0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400A5EC42_2_00000001400A5EC4
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014004CF202_2_000000014004CF20
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014006EF602_2_000000014006EF60
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400BDF802_2_00000001400BDF80
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014006DFC02_2_000000014006DFC0
        Source: C:\Windows\System32\attrib.exeCode function: String function: 0000000140032280 appears 55 times
        Source: C:\Windows\System32\attrib.exeCode function: String function: 000000014002DA30 appears 50 times
        Source: C:\Windows\System32\attrib.exeCode function: String function: 0000000140036EF0 appears 41 times
        Source: file.exeStatic PE information: invalid certificate
        Source: file.exeStatic PE information: Number of sections : 18 > 10
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/1@1/2
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400878B0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,2_2_00000001400878B0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400D7008 AdjustTokenPrivileges,2_2_00000001400D7008
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014003E9C0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,2_2_000000014003E9C0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400D7720 CoCreateInstance,2_2_00000001400D7720
        Source: C:\Windows\System32\attrib.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963CD40775F
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4920:120:WilError_03
        Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: file.exeReversingLabs: Detection: 13%
        Source: file.exeVirustotal: Detection: 13%
        Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\attrib.exe "C:\Windows\System32\attrib.exe"
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\attrib.exe "C:\Windows\System32\attrib.exe"Jump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: rstrtmgr.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: windowscodecs.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\System32\attrib.exeSection loaded: wintypes.dllJump to behavior
        Source: file.exeStatic PE information: Image base 0x140000000 > 0x60000000
        Source: file.exeStatic file information: File size 1477025 > 1048576
        Source: file.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x140a00
        Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014003D930 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_000000014003D930
        Source: file.exeStatic PE information: real checksum: 0x1690d7 should be: 0x174d44
        Source: file.exeStatic PE information: section name: .xdata
        Source: file.exeStatic PE information: section name: /4
        Source: file.exeStatic PE information: section name: /19
        Source: file.exeStatic PE information: section name: /31
        Source: file.exeStatic PE information: section name: /45
        Source: file.exeStatic PE information: section name: /57
        Source: file.exeStatic PE information: section name: /70
        Source: file.exeStatic PE information: section name: /81
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140078020 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,2_2_0000000140078020
        Source: C:\Windows\System32\attrib.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_2-71570
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140037350 FindFirstFileW,FindNextFileW,2_2_0000000140037350
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400BB6BC FindClose,FindFirstFileExW,GetLastError,2_2_00000001400BB6BC
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400BB76C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,2_2_00000001400BB76C
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400D7100 FindFirstFileW,2_2_00000001400D7100
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140082D90 GetLogicalDriveStringsW,2_2_0000000140082D90
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140098CE0 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,2_2_0000000140098CE0
        Source: C:\Windows\System32\attrib.exeFile opened: D:\sources\migration\Jump to behavior
        Source: C:\Windows\System32\attrib.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
        Source: C:\Windows\System32\attrib.exeFile opened: D:\sources\migration\wtr\Jump to behavior
        Source: C:\Windows\System32\attrib.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
        Source: C:\Windows\System32\attrib.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
        Source: C:\Windows\System32\attrib.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696487552f
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
        Source: attrib.exe, 00000002.00000002.2249385777.000001CBC4B34000.00000004.00000020.00020000.00000000.sdmp, attrib.exe, 00000002.00000003.2176826581.000001CBC4BA9000.00000004.00000020.00020000.00000000.sdmp, attrib.exe, 00000002.00000002.2249385777.000001CBC4B88000.00000004.00000020.00020000.00000000.sdmp, attrib.exe, 00000002.00000003.2179977325.000001CBC4BA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696487552
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696487552
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696487552o
        Source: attrib.exe, 00000002.00000002.2249385777.000001CBC4B88000.00000004.00000020.00020000.00000000.sdmp, attrib.exe, 00000002.00000003.2179977325.000001CBC4BA9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWa
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696487552
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696487552j
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
        Source: attrib.exe, 00000002.00000003.2179069441.000001CBC6C50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
        Source: C:\Windows\System32\attrib.exeAPI call chain: ExitProcess graph end nodegraph_2-71195
        Source: C:\Windows\System32\attrib.exeAPI call chain: ExitProcess graph end nodegraph_2-71200
        Source: C:\Windows\System32\attrib.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140086060 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,2_2_0000000140086060
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140091688 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0000000140091688
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400BD6E0 GetLastError,IsDebuggerPresent,OutputDebugStringW,2_2_00000001400BD6E0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_000000014003D930 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_000000014003D930
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400A9084 GetProcessHeap,2_2_00000001400A9084
        Source: C:\Windows\System32\attrib.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF684CA1180 Sleep,Sleep,SetUnhandledExceptionFilter,_set_invalid_parameter_handler,malloc,strlen,malloc,memcpy,_initterm,0_2_00007FF684CA1180
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF684CA3111 SetUnhandledExceptionFilter,0_2_00007FF684CA3111
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF684DE9388 SetUnhandledExceptionFilter,malloc,0_2_00007FF684DE9388
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_00000001400D72E0 SetUnhandledExceptionFilter,2_2_00000001400D72E0
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140091688 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0000000140091688

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\System32\attrib.exe base: 140000000 protect: page execute and read and writeJump to behavior
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF684CA1719 GetModuleFileNameA,memset,memset,CreateProcessA,CreateProcessA,GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,puts,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,SetThreadContext,ResumeThread,ResumeThread,0_2_00007FF684CA1719
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: 140000000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\Desktop\file.exeThread register set: target process: 3548Jump to behavior
        Source: C:\Users\user\Desktop\file.exeThread register set: 3548 20A6AE70000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: 140000000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: 140001000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: 1400D7000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: 140135000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: 14013D000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: 140144000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: 140145000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: 140146000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\System32\attrib.exe base: D09B29010Jump to behavior
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140076D60 ShellExecuteW,2_2_0000000140076D60
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\attrib.exe "C:\Windows\System32\attrib.exe"Jump to behavior
        Source: C:\Windows\System32\attrib.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,2_2_00000001400A80AC
        Source: C:\Windows\System32\attrib.exeCode function: GetLocaleInfoEx,FormatMessageA,2_2_00000001400BB330
        Source: C:\Windows\System32\attrib.exeCode function: EnumSystemLocalesW,2_2_00000001400A83F8
        Source: C:\Windows\System32\attrib.exeCode function: EnumSystemLocalesW,2_2_00000001400A84C8
        Source: C:\Windows\System32\attrib.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_00000001400A8560
        Source: C:\Windows\System32\attrib.exeCode function: EnumSystemLocalesW,2_2_000000014009D620
        Source: C:\Windows\System32\attrib.exeCode function: GetLocaleInfoW,2_2_00000001400A87AC
        Source: C:\Windows\System32\attrib.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_00000001400A8904
        Source: C:\Windows\System32\attrib.exeCode function: GetLocaleInfoW,2_2_00000001400A89B4
        Source: C:\Windows\System32\attrib.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_00000001400A8AE0
        Source: C:\Windows\System32\attrib.exeCode function: GetLocaleInfoW,2_2_000000014009DB64
        Source: C:\Windows\System32\attrib.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF684CA1450 GetSystemTime,GetCurrentDirectoryA,0_2_00007FF684CA1450
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140081B60 GetUserNameW,2_2_0000000140081B60
        Source: C:\Windows\System32\attrib.exeCode function: 2_2_0000000140083040 GetTimeZoneInformation,2_2_0000000140083040

        Stealing of Sensitive Information

        Source: Yara matchFile source: Process Memory Space: attrib.exe PID: 3548, type: MEMORYSTR
        Source: Yara matchFile source: 00000002.00000002.2249385777.000001CBC4B34000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: attrib.exe, 00000002.00000002.2249385777.000001CBC4B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Electrum\wallets
        Source: attrib.exe, 00000002.00000002.2249385777.000001CBC4B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\config
        Source: attrib.exe, 00000002.00000002.2249385777.000001CBC4B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
        Source: attrib.exe, 00000002.00000002.2249385777.000001CBC4B34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        Source: C:\Windows\System32\attrib.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

        Remote Access Functionality

        Source: Yara match File source: Process Memory Space: attrib.exe PID: 3548, type: MEMORYSTR
        Source: Yara match File source: 00000002.00000002.2249385777.000001CBC4B34000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Access Token Manipulation | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 611 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 611 Process Injection | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 2 Data from Local System | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Obfuscated Files or Information | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 3 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 23 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
        Source | Detection | Scanner | Label | Link
        file.exe | 13% | ReversingLabs | Win64.Trojan.SpywareX |
        file.exe | 14% | Virustotal | | Browse
        file.exe | 100% | Joe Sandbox ML | |
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        api.ipify.org | 0% | Virustotal | | Browse
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        api.ipify.org | 172.67.74.152 | true | false | | unknown
        Name | Malicious | Antivirus Detection | Reputation
        https://api.ipify.org/ | false | URL Reputation: safe | unknown
        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        176.124.204.206 | unknown | Russian Federation | | 59652 | GULFSTREAMUA | true
        172.67.74.152 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
        Joe Sandbox version: 41.0.0 Charoite
        Analysis ID: 1543491
        Start date and time: 2024-10-28 01:33:11 +01:00
        Joe Sandbox product: CloudBasic
        Overall analysis duration: 0h 5m 31s
        Hypervisor based Inspection enabled: false
        Report type: full
        Cookbook file name: default.jbs
        Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed: 7
        Number of new started drivers analysed: 0
        Number of existing processes analysed: 0
        Number of existing drivers analysed: 0
        Number of injected processes analysed: 0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode: default
        Analysis stop reason: Timeout
        Sample name: file.exe
        Detection: MAL
        Classification: mal100.troj.spyw.evad.winEXE@4/1@1/2
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 99%
        • Number of executed functions: 55
        • Number of non-executed functions: 136
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes were analyzed, report is missing behavior information
        • Report size exceeded maximum capacity and may have missing network information.
        No simulations
                                          No context
        Process: C:\Users\user\Desktop\file.exe
        File Type: ASCII text, with CRLF line terminators
        Category: dropped
        Size (bytes): 56
        Entropy (8bit): 4.068814807123832
        Encrypted: false
        SSDEEP: 3:jLt6LI/Q84sB/5qTLjWz:3trrujM
        MD5: C9C7A43D59ED199EB6A356D791B4ACEE
        SHA1: 5EE39DFEE4B05429646FB839D602BCD25C5BB090
        SHA-256: 5BB69D695BA5ABD8719D81AA3611F0841F41FFB5E840D476BA383444B19F04FA
        SHA-512: A416AEC2F37FB87ACAAB1F0F4565C0582DCE08AEE99140DB10ED58FC9579E147EF111F52383C47C9BFE885CB0850A7AA0CD799A641122A21B597C6E43096C2A9
        Malicious: false
        Reputation: low
        Preview: Downloading.....File downloaded....File cant start now..
        File type: PE32+ executable (console) x86-64, for MS Windows
        Entropy (8bit): 6.685369495240918
        TrID:
        • Win64 Executable Console (202006/5) 92.65%
        • Win64 Executable (generic) (12005/4) 5.51%
        • Generic Win/DOS Executable (2004/3) 0.92%
        • DOS Executable Generic (2002/1) 0.92%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name: file.exe
        File size: 1'477'025 bytes
        MD5: eab6ffe7b3ed8b11859e3c2858cb1b48
        SHA1: c825fcb349ed78c6fe437605ef17a9c1ab76fc32
        SHA256: ddff18268a87a6d5200836c3219ba973a0e1a60135d5e543cf06d315348ab71b
        SHA512: 06f8da78780bd504ad912b1aecfc76b9a4e04ff2b513202fd7ff56ada7a2b60fc74d6c294da74c7c2f3eb75653c730e98fef8f7e1dcc0ab7ea1c9b17cae6375f
        SSDEEP: 24576:OiGYw/6K/bd1YYJaOZpwxWs+RmATcoPoVLmudtnhNxeytXP7JLxtC:OiGJ/BRVTvPo5nhTeytXP7JltC
        TLSH: E1654A532190ABCFF7C6FAB385049B25D02EC17A4FB24A05541ED9F70B572824B2F9B6
        File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...B..g.r........&....*.".....................@..........................................`... ............................
        Icon Hash: 13e0febefebefe1f
        Entrypoint: 0x1400013f0
        Entrypoint Section: .text
        Digitally signed: true
        Imagebase: 0x140000000
        Subsystem: windows cui
        Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE
        DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
        Time Stamp: 0x671E9742 [Sun Oct 27 19:40:50 2024 UTC]
        TLS Callbacks: 0x40001cf0, 0x1, 0x40001cc0, 0x1
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:8d5e528fe23b294949f51a142a33e57a
                                          Signature Valid:false
                                          Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
                                          Signature Validation Error:The digital signature of the object did not verify
                                          Error Number:-2146869232
                                          Not Before, Not After
                                          • 05/11/2020 01:00:00 03/01/2024 00:59:59
                                          Subject Chain
                                          • CN=FACE IT LIMITED, O=FACE IT LIMITED, L=London, C=GB, SERIALNUMBER=07751649, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB
                                          Version:3
                                          Thumbprint MD5:4BDA8AC7265D4CC636DB09504D4CCBD2
                                          Thumbprint SHA-1:144662779D191ADF615F31BDFE4D28A318FE7D23
                                          Thumbprint SHA-256:EBBB1FD04EC6FF5381C8199CED28832FB1AC0DAD216740BD57650CC143069421
                                          Serial:0E09CEC5B700EEC8A2F9A38AB1C0290F
                                          Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x149000 | 0xbe8 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x155000 | 0x160e2 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x146000 | 0x2b8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x165e19 | 0x2b88 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14c000 | 0x98 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1450e0 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x149318 | 0x250 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x21c8 | 0x2200 | 9a15d541f8a29a7013f4be7c9378b0da | False | 0.5556066176470589 | data | 6.0343025856719565 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x4000 | 0x140910 | 0x140a00 | a8eb2956995d9e2c196aaf44b5e0f492 | False | 0.4205949987816764 | data | 6.5338836257153385 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x145000 | 0x630 | 0x800 | 509ea949561cd578a69086fd5be04cde | False | 0.3603515625 | data | 3.879711696126022 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pdata | 0x146000 | 0x2b8 | 0x400 | a18a32296ae0ac35bbe1b2332e82a658 | False | 0.37890625 | data | 3.166345679357847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata | 0x147000 | 0x22c | 0x400 | 92f2165392236f6408c6aa568a009ce9 | False | 0.24609375 | data | 2.567155203291899 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss | 0x148000 | 0x1e0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x149000 | 0xbe8 | 0xc00 | 7201bd5ea529c9f298288948cbfea4b5 | False | 0.3450520833333333 | data | 4.380016457827972 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x14a000 | 0x60 | 0x200 | 2b06c3fb9896340b270121b6fb0a085a | False | 0.068359375 | data | 0.28655982431271465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x14b000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x14c000 | 0x98 | 0x200 | 53bbedb4fe54c3092137a3a5527b22f4 | False | 0.283203125 | data | 1.834442062760243 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/4 | 0x14d000 | 0x50 | 0x200 | b8fdf6e552e12943a19e71d923b323d1 | False | 0.07421875 | data | 0.23263253450968063 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/19 | 0x14e000 | 0x1064 | 0x1200 | 0010f33700a0f6715c7a9044a8f86c80 | False | 0.3580729166666667 | Matlab v4 mat-file (little endian) @\001, rows 134283269, columns 0, imaginary | 5.085886369939772 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/31 | 0x150000 | 0xaf | 0x200 | 3926a4e9348a2d2f293d468143da249a | False | 0.296875 | data | 2.128627013155538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/45 | 0x151000 | 0xa4 | 0x200 | 96c5ed06d2bbfee000ef06e1c40d1fc6 | False | 0.220703125 | data | 1.4891978798794558 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/57 | 0x152000 | 0x48 | 0x200 | b67521fbbc06b691ae225d3bdb6755ca | False | 0.12109375 | data | 0.7030875244532455 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/70 | 0x153000 | 0xa3 | 0x200 | e2f3c94b96d9bf5be041b4676e20bef4 | False | 0.275390625 | data | 2.467236418005127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/81 | 0x154000 | 0x1f8 | 0x200 | cea13e6936ae59f922eee6b03f71b1da | False | 0.330078125 | data | 4.838226073891876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x155000 | 0x160e2 | 0x16200 | 1cff358c657ed905a48a9d051c8bb181 | False | 0.15623896539548024 | data | 5.556068765886106 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x155144 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | English | United States | 0.6365248226950354
RT_ICON | 0x1555ac | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | English | United States | 0.425422138836773
RT_ICON | 0x156654 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | English | United States | 0.23045583372697212
RT_ICON | 0x15a87c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | English | United States | 0.12402401514255294
RT_GROUP_ICON | 0x16b0a4 | 0x3e | data | English | United States | 0.7741935483870968
DLL | Import
KERNEL32.dll | CloseHandle, CreateProcessA, DeleteCriticalSection, EnterCriticalSection, GetCurrentDirectoryA, GetLastError, GetModuleFileNameA, GetSystemTime, GetThreadContext, InitializeCriticalSection, LeaveCriticalSection, ReadProcessMemory, ResumeThread, SetThreadContext, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualAllocEx, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WriteProcessMemory
api-ms-win-crt-environment-l1-1-0.dll | __p__environ, __p__wenviron
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, calloc, free, malloc
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr
api-ms-win-crt-private-l1-1-0.dll | __C_specific_handler, memcpy
api-ms-win-crt-runtime-l1-1-0.dll | __p___argc, __p___argv, __p___wargv, _beginthreadex, _cexit, _configure_narrow_argv, _configure_wide_argv, _crt_at_quick_exit, _crt_atexit, _endthreadex, _exit, _initialize_narrow_environment, _initialize_wide_environment, _initterm, _set_app_type, _set_invalid_parameter_handler, abort, exit, signal
api-ms-win-crt-stdio-l1-1-0.dll | __acrt_iob_func, __p__commode, __p__fmode, __stdio_common_vfprintf, __stdio_common_vfwprintf, fflush, fwrite, puts
api-ms-win-crt-string-l1-1-0.dll | memset, strlen, strncmp
api-ms-win-crt-time-l1-1-0.dll | __daylight, __timezone, __tzname, _tzset
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-28T01:34:15.307850+0100 | 2049441 | ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt | 1 | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP
2024-10-28T01:34:15.307850+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP
2024-10-28T01:34:15.307850+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP
2024-10-28T01:34:15.313555+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP
2024-10-28T01:34:15.313555+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.6 | 49710 | 176.124.204.206 | 15666 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Oct 28, 2024 01:34:15.331156969 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331166029 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331176996 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331192017 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331209898 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331228971 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331262112 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331269026 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331279039 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331283092 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331286907 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331301928 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331310987 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331337929 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331347942 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331357956 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331398964 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331403017 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331413031 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331429005 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331437111 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331465006 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331469059 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331478119 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331504107 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331505060 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331515074 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331537008 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331546068 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331554890 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331572056 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331585884 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331602097 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331609011 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331629038 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331640005 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331646919 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331671000 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331686974 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331688881 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331701040 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331711054 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331726074 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331739902 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331748962 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331768990 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331809998 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.331824064 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.331877947 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335335016 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335385084 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335392952 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335395098 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335412025 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335449934 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335479975 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335488081 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335514069 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335515022 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335522890 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335532904 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335544109 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335553885 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335612059 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335649014 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335659027 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335679054 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335688114 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335702896 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335711956 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335716963 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335745096 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335773945 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335781097 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335782051 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335823059 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335832119 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335839987 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335859060 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335906982 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335911036 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335921049 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335937977 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335946083 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335952997 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335972071 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335975885 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.335979939 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.335994959 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336013079 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336021900 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336026907 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336064100 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336071014 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336072922 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336095095 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336105108 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336126089 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336154938 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336155891 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336163998 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336178064 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336199045 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336211920 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336222887 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336252928 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336258888 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336272955 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336280107 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336292028 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336302042 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336319923 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336352110 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336352110 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336361885 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336379051 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336386919 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336405039 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336416006 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336420059 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336426020 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336442947 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336451054 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336453915 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336472034 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336491108 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336502075 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336504936 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336530924 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336535931 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336539984 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336550951 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336556911 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336566925 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336575031 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336581945 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336589098 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336592913 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336620092 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336623907 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336633921 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336651087 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336673021 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336682081 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336684942 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336710930 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336719990 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336741924 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336752892 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336764097 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336776018 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336790085 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336826086 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336836100 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336838007 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336846113 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336854935 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336870909 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336872101 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336884022 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336906910 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336911917 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336916924 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336931944 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336946011 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336958885 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336966038 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.336971045 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.336996078 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337003946 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337019920 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337035894 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337037086 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337047100 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337049007 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337055922 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337088108 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337096930 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337114096 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337121964 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337130070 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337173939 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337187052 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337197065 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337204933 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337224960 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337234020 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337240934 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337256908 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337281942 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337286949 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337291956 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337306976 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337316990 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337352991 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337369919 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337395906 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337446928 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337471962 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337481022 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337487936 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337518930 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337537050 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337548971 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337558985 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337565899 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337574005 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337589979 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337599039 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337613106 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337615013 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337624073 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337636948 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337672949 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337703943 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337713003 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337719917 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337738991 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337747097 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337768078 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337774992 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337776899 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337794065 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337814093 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337824106 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337826014 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337876081 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.337934017 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337943077 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337950945 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337959051 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337968111 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337981939 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.337990999 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.338001966 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.338002920 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.338011980 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.338022947 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.338028908 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.338035107 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.338038921 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.338047981 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.338057041 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.338063955 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.338066101 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.908282995 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.908390999 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.908536911 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.908654928 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.908812046 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.908899069 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.935317039 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.935480118 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.935679913 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.935810089 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.935908079 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.936022043 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.936170101 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.936275005 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.936407089 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.936517000 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.936650038 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.936754942 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.936918974 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.937031984 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.937166929 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.937269926 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.937411070 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.937515974 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.941248894 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.941355944 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.982604980 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:15.983309984 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.983395100 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.983477116 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.983557940 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.983619928 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.983720064 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.983789921 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.983942032 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.984050989 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.984193087 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:15.984282017 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:16.005884886 CET1566649710176.124.204.206192.168.2.6
                                          Oct 28, 2024 01:34:16.006398916 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:16.006623030 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:16.006747007 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:16.006877899 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:16.006988049 CET4971015666192.168.2.6176.124.204.206
                                          Oct 28, 2024 01:34:16.007148981 CET4971015666192.168.2.6176.124.204.206
                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                          Oct 28, 2024 01:34:09.596888065 CET | 192.168.2.6 | 1.1.1.1 | 0xbd7b | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                          Oct 28, 2024 01:34:09.604763031 CET | 1.1.1.1 | 192.168.2.6 | 0xbd7b | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                                          Oct 28, 2024 01:34:09.604763031 CET | 1.1.1.1 | 192.168.2.6 | 0xbd7b | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                                          Oct 28, 2024 01:34:09.604763031 CET | 1.1.1.1 | 192.168.2.6 | 0xbd7b | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false

                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.6 | 49712 | 172.67.74.152 | 443 | 3548 | C:\Windows\System32\attrib.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-10-28 00:34:10 UTC | 100 | OUT | GET / HTTP/1.1
                                          Accept: text/html; text/plain; */*
                                          Host: api.ipify.org
                                          Cache-Control: no-cache
                                          2024-10-28 00:34:10 UTC | 211 | IN | HTTP/1.1 200 OK
                                          Date: Mon, 28 Oct 2024 00:34:10 GMT
                                          Content-Type: text/plain
                                          Content-Length: 14
                                          Connection: close
                                          Vary: Origin
                                          cf-cache-status: DYNAMIC
                                          Server: cloudflare
                                          CF-RAY: 8d96d6afaf432ccc-DFW
                                          2024-10-28 00:34:10 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30
                                          Data Ascii: 173.254.250.90



                                          Target ID:0
                                          Start time:20:34:07
                                          Start date:27/10/2024
                                          Path:C:\Users\user\Desktop\file.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                          Imagebase:0x7ff684ca0000
                                          File size:1'477'025 bytes
                                          MD5 hash:EAB6FFE7B3ED8B11859E3C2858CB1B48
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:1
                                          Start time:20:34:07
                                          Start date:27/10/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff66e660000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:2
                                          Start time:20:34:07
                                          Start date:27/10/2024
                                          Path:C:\Windows\System32\attrib.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Windows\System32\attrib.exe"
                                          Imagebase:0x7ff698d90000
                                          File size:23'040 bytes
                                          MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000002.00000002.2249385777.000001CBC4B34000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:moderate
                                          Has exited:true


                                            Execution Graph

                                            Execution Coverage:1.1%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:15.1%
                                            Total number of Nodes:205
                                            Total number of Limit Nodes:2

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: Process$Memory$Write$Threadmemset$AllocContextCreateReadResumeVirtualputs
                                            • String ID: @$C:\Windo$Failed to allocate memory in target process.$m32\attr$rib.exe$ws\Syste
                                            • API String ID: 3837342824-4134978987
                                            • Opcode ID: 6b13a2d30c604ff2a75875a541f4c6d5bdaedd85531fe8d0f01bc11be9bba01e
                                            • Instruction ID: dc48a91a2ce39d25f5d15389a0533f0f3c067bcd7287e5fdbc1d77565f972e50
                                            • Opcode Fuzzy Hash: 6b13a2d30c604ff2a75875a541f4c6d5bdaedd85531fe8d0f01bc11be9bba01e
                                            • Instruction Fuzzy Hash: 13A1DCA1705BC58EDB70CF6AEC803D967A6FB88B88F404129DA4D8B768DF39D655C700

                                            Control-flow Graph

                                            APIs
                                            Similarity
                                            • API ID: malloc$ExceptionFilterSleepUnhandled_set_invalid_parameter_handlermemcpystrlen
                                            • String ID:
                                            • API String ID: 959198572-0
                                            • Opcode ID: f6f20db29f42290ec6c3de1d4a693979f80b75b35e8db5484bb86adadd7a7be7
                                            • Instruction ID: 611102986b34cdf9d5483297c031af1b10c38dda023f55c27a728059c532dbf1
                                            • Opcode Fuzzy Hash: f6f20db29f42290ec6c3de1d4a693979f80b75b35e8db5484bb86adadd7a7be7
                                            • Instruction Fuzzy Hash: DF5155B5E09602C5FB10DF55E8D4279A3A9BF44B84F84423ADA0EE77A6DE3CE841C310

                                            Control-flow Graph

                                            APIs
                                            • puts.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1B8B
                                              • Part of subcall function 00007FF684CA1719: memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684CA1801
                                              • Part of subcall function 00007FF684CA1719: memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF684CA181B
                                              • Part of subcall function 00007FF684CA1719: CreateProcessA.KERNELBASE ref: 00007FF684CA1879
                                              • Part of subcall function 00007FF684CA1719: ReadProcessMemory.KERNELBASE ref: 00007FF684CA18EA
                                              • Part of subcall function 00007FF684CA1719: VirtualAllocEx.KERNELBASE ref: 00007FF684CA1928
                                              • Part of subcall function 00007FF684CA1719: puts.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1945
                                            • puts.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1BB2
                                            • puts.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1BC8
                                            Strings
                                            Similarity
                                            • API ID: puts$Processmemset$AllocCreateMemoryReadVirtual
                                            • String ID: Downloading...$Failed to run PE file from memory.$File cant start now$File downloaded..
                                            • API String ID: 2368940784-3479206737
                                            • Opcode ID: 5a57d78937d7cde8d3da05b5e27fb2b2cb7c4d1b214c975ac5f71d01647b601c
                                            • Instruction ID: 575c4d0c0008d6d7e59054009745e82153dd99cc6c9eef14fa5e06ad38b001e0
                                            • Opcode Fuzzy Hash: 5a57d78937d7cde8d3da05b5e27fb2b2cb7c4d1b214c975ac5f71d01647b601c
                                            • Instruction Fuzzy Hash: 09014C94F08653D8FB10E7A5E8D92B853AC7F46784F80017AEC1EA73A2EE2CE105C340

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            • Opcode ID: 7b56c6e6f56ce49d9415a3c1db3b2ace441a652c6befc43e3e3f49e393c0a40f
                                            • Instruction ID: a0f31f405900893abbd2669cab334426afa144e242520c6ebc70a72d47485c3f
                                            • Opcode Fuzzy Hash: 7b56c6e6f56ce49d9415a3c1db3b2ace441a652c6befc43e3e3f49e393c0a40f
                                            • Instruction Fuzzy Hash: 004107B2B41745CEEB10CBA8D9853AC33B1FB55798F148569DA1C97B98DE3CEA05C700

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_exception_destroy$Concurrency::cancel_current_task
                                            • String ID: 2@@5@AEBUOptions@23@@Z@$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$ed to \u0013$operator
                                            • API String ID: 3534942345-3176673085
                                            • Opcode ID: d5a4b0d5de5765deedc4dc0bb1aaad938ac45959e4a9a5ea6747629422404892
                                            • Instruction ID: abb344d2d1978c8a1e762ec970f226e2d45cf3ae56d89be2fd3345f62232ccb5
                                            • Opcode Fuzzy Hash: d5a4b0d5de5765deedc4dc0bb1aaad938ac45959e4a9a5ea6747629422404892
                                            • Instruction Fuzzy Hash: 5B32B222A18B91C5EB00CB65D4843AD6761FF997A4F505339EA9E83BDADF7CE181C300
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                            • String ID: !$2@@5@AEBUOptions@23@@Z@$@tyti@@U?$default_delete@U?$basic_object@D@vdf@tyti@@@std@@@std@@@2@@std@@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU$IJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$tectData
                                            • API String ID: 3645842244-1855547753
                                            • Opcode ID: f347e8d440eb066e858b6cb672c321744e19cf924e68b836d93a657260a71437
                                            • Instruction ID: 8d16d5bde30e463e2a3a885a917e479a5b5b6430a5448bfbaff9cecd528c0b4a
                                            • Opcode Fuzzy Hash: f347e8d440eb066e858b6cb672c321744e19cf924e68b836d93a657260a71437
                                            • Instruction Fuzzy Hash: 29837372A15BC5C9EB208F24D8813ED7375FB89798F50522AEA9D47B99EF78D240C700

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CF170B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_fs_convert_narrow_to_wide$Concurrency::cancel_current_task__std_fs_code_page
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            • API String ID: 1751831074-1695713617
                                            • Opcode ID: 4cdb2fd2b0b13503603caa0a3616697b58e8b9c980583dade6c54ef63d510802
                                            • Instruction ID: aab4865edb968cd91099f2aa6af85e9b9000bae651c296e95dd64071f4cb42d9
                                            • Opcode Fuzzy Hash: 4cdb2fd2b0b13503603caa0a3616697b58e8b9c980583dade6c54ef63d510802
                                            • Instruction Fuzzy Hash: C8028D23A09B85CAE710CF65E8802AD73B4FB99798F14522AEF8D57B55DF78E580C700

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CE9BF3, 00007FF684CE9FA6
                                            • operator, xrefs: 00007FF684CE9D80
                                            • must be followed by U+DC00..U+DFFF, xrefs: 00007FF684CE9D91
                                            • \u000D or \r, xrefs: 00007FF684CE9DCD
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_exception_copy
                                            • String ID: \u000D or \r$ must be followed by U+DC00..U+DFFF$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$operator
                                            • API String ID: 592178966-446665495
                                            • Opcode ID: 7a3729de1739817ee9d3784d8d136fd0de6a941c688ceb7e32c29510488a2721
                                            • Instruction ID: afd09aff1276eb3cb6a84e27d127c022e5f7202ecf8244cf0e6edb434c5657c3
                                            • Opcode Fuzzy Hash: 7a3729de1739817ee9d3784d8d136fd0de6a941c688ceb7e32c29510488a2721
                                            • Instruction Fuzzy Hash: 68C1DF22E18B81C5EB008F64E4813AD7371FF99798F14933AEA9D56796EF38E195C340
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2@@5@AEBUOptions@23@@Z@$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$r U+0006 (ACK) must be escaped to \u0006$r U+0007 (BEL) must be escaped to \u0007$space$string: control character U+000E (SO) must be escaped to \u000E
                                            • API String ID: 0-193913609
                                            • Opcode ID: 53c21970429f7daf5818a1ece0c8bae8f61cc70617ef1db9d298cdbf3b9ec0d1
                                            • Instruction ID: bfa152b03ce6dc9a943c564cd2f01656c8943d46cf0656ee7632cf62c4fcc217
                                            • Opcode Fuzzy Hash: 53c21970429f7daf5818a1ece0c8bae8f61cc70617ef1db9d298cdbf3b9ec0d1
                                            • Instruction Fuzzy Hash: C3420822619BC6C9EB20CF28D8803E977A5FB85748F44423ADA8E97B59EF78D545C700
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CD57A1
                                            • IJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00007FF684CD5CF6
                                            • 2@@5@AEBUOptions@23@@Z@, xrefs: 00007FF684CD5915
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task
                                            • String ID: 2@@5@AEBUOptions@23@@Z@$IJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            • API String ID: 118556049-4236242035
                                            • Opcode ID: 83fea9e2c81b18a308780777de045eb8aa146a5ce6a0dbf9c0ddb9101cb86f1d
                                            • Instruction ID: 9486f2649f070ffbf2c6aad938fb8c6779f3b673abd8292b63c82a5ab780799e
                                            • Opcode Fuzzy Hash: 83fea9e2c81b18a308780777de045eb8aa146a5ce6a0dbf9c0ddb9101cb86f1d
                                            • Instruction Fuzzy Hash: EE828022A55BC2C5EB208F24D8C43ED6374FF85798F54523AEA4D87AA9EF38D645C300
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684D2D594
                                            • operator, xrefs: 00007FF684D2D721
                                            • must be followed by U+DC00..U+DFFF, xrefs: 00007FF684D2D732
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_exception_copy
                                            • String ID: must be followed by U+DC00..U+DFFF$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$operator
                                            • API String ID: 592178966-2576075652
                                            • Opcode ID: 119a2f519a5545c1ea094d679cf8a51b98fdf191924cdd5720f148be921897f6
                                            • Instruction ID: 4305a19d3276f8944097dca6f021ffb7e8aefbb3940712cf0e21732278912bd2
                                            • Opcode Fuzzy Hash: 119a2f519a5545c1ea094d679cf8a51b98fdf191924cdd5720f148be921897f6
                                            • Instruction Fuzzy Hash: DAB1D262F18B95C5EB008F68D4843AC6761FF59794F409336EA9E53B99DE7CE185C300
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CF170B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_fs_convert_narrow_to_wide$__std_fs_code_page
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            • API String ID: 2896615418-1695713617
                                            • Opcode ID: 3db3add3d20bef612fcc3e6a23562098e1c16e4c6642733d13f207c488e2ff66
                                            • Instruction ID: d14d86825a8ed1e2c27a61a314337f305bf80dd60dca46d0fb549d14ad87df1f
                                            • Opcode Fuzzy Hash: 3db3add3d20bef612fcc3e6a23562098e1c16e4c6642733d13f207c488e2ff66
                                            • Instruction Fuzzy Hash: CCC13D23D18B858AE720CF25D8802AD77B4FB99788F11532AEF8D56A19DF78E5D0C740
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684D5EB89
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_fs_open_handle
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            • API String ID: 2524151746-1695713617
                                            • Opcode ID: 73ff00a9e014d692192eb06c6066c2b665b51c5c2b49c4d59154dfc925a79ff2
                                            • Instruction ID: 53c40b15424a72b1c6f4a4899c9146297644dfc1d126567413cbf75ae99e6525
                                            • Opcode Fuzzy Hash: 73ff00a9e014d692192eb06c6066c2b665b51c5c2b49c4d59154dfc925a79ff2
                                            • Instruction Fuzzy Hash: D4B17132A1CA42C6E664AB25A88527962A0FF857B1F154739EA7FC77E4DF3CE441C700
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CDB6CF
                                            • 2@@5@AEBUOptions@23@@Z@, xrefs: 00007FF684CDB8A1
                                            • unique_ptr@U?$basic_object@D@vdf@tyti@@U?$default_delete@U?$basic_object@D@vdf@tyti@@@std@@@std@@@2@@std@@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@, xrefs: 00007FF684CDB80A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2@@5@AEBUOptions@23@@Z@$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$unique_ptr@U?$basic_object@D@vdf@tyti@@U?$default_delete@U?$basic_object@D@vdf@tyti@@@std@@@std@@@2@@std@@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@
                                            • API String ID: 0-827127618
                                            • Opcode ID: 3b0078f3a649b7a5e271a6012b32234cdb8d73e25fe9715d07f381bdba7f381c
                                            • Instruction ID: 520a18215728d87c1c635706c2cfaf57d9a5171806c54fc5accd1120510796c3
                                            • Opcode Fuzzy Hash: 3b0078f3a649b7a5e271a6012b32234cdb8d73e25fe9715d07f381bdba7f381c
                                            • Instruction Fuzzy Hash: 4BE27072A44BC5C9EB208F29D8843ED7374FB95798F505226DA9D97B99EF38D680C300
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CE9637, 00007FF684CE988C
                                            • string: control character U+000B (VT) must be escaped to \u000B, xrefs: 00007FF684CE990F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$string: control character U+000B (VT) must be escaped to \u000B
                                            • API String ID: 0-2279276501
                                            • Opcode ID: 283d29e132330dc9eb20c715f0a2c757d29a04da2ae3fbe3dfd3df475b9eb13a
                                            • Instruction ID: 373412b6114337b8e617ea8b7bd53bc526aae9a90a49b8c97e15a8ccb73f16c9
                                            • Opcode Fuzzy Hash: 283d29e132330dc9eb20c715f0a2c757d29a04da2ae3fbe3dfd3df475b9eb13a
                                            • Instruction Fuzzy Hash: C7E1A432A08B81C6EB60CFA5D4816AD73B9FF88758F01423AEA5D83B99DF78D550C740
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CD454E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            • API String ID: 0-1695713617
                                            • Opcode ID: 09c79e78e7eac65bfbecd450639a6e0a2e00504cc143ca4e4a9106a43d2f3207
                                            • Instruction ID: 93bcd8c0f2e50371dc6c44e69a7667af86fef86318b3cb1bcd8523b82dfbc561
                                            • Opcode Fuzzy Hash: 09c79e78e7eac65bfbecd450639a6e0a2e00504cc143ca4e4a9106a43d2f3207
                                            • Instruction Fuzzy Hash: 88F14032A19F8489EB608B69E88135D77B4FB88798F105329EADC57B99DF3CD190C704
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CD4C3E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            • API String ID: 0-1695713617
                                            • Opcode ID: 33338fc9515c92c9c8dc238a174b08de98dee56174606adb00d7226df25df173
                                            • Instruction ID: 12023d4fa02f0aa3fc15f1888a1d28c4122114811dc2b94b0018c8a77bcb87ce
                                            • Opcode Fuzzy Hash: 33338fc9515c92c9c8dc238a174b08de98dee56174606adb00d7226df25df173
                                            • Instruction Fuzzy Hash: CCF14032A19F8489EB208F69E48135DB7B4FB89798F105329EADD56B99EF3CD140C700
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684D3D9E8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: NameTranslate$_invalid_parameter_noinfo
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            • API String ID: 3581955945-1695713617
                                            • Opcode ID: 61b61c2f1d2d7afbc05897f1eb8e2cddf689bcd5cbc459122aa72d708066068b
                                            • Instruction ID: 071b59ade4c43d6fd1129bfc93cdfa14d3e9804a0ad1f10767648fae5e6bb123
                                            • Opcode Fuzzy Hash: 61b61c2f1d2d7afbc05897f1eb8e2cddf689bcd5cbc459122aa72d708066068b
                                            • Instruction Fuzzy Hash: 35C1A376A08782C5EB609B6195903BA67A1FF94BC8F404239DE8FC7695EF3CE545CB00
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __acrt_iob_func__stdio_common_vfprintf
                                            • String ID: Dummy directory: %s
                                            • API String ID: 2168557111-1626223530
                                            • Opcode ID: 101f958bf7e2c98b165bad5fb4c644748edf04a9083ea72838c00e36c604a177
                                            • Instruction ID: c33173f0c6657aafece233017a96b33ec867c0c3740e763805d388269c52e373
                                            • Opcode Fuzzy Hash: 101f958bf7e2c98b165bad5fb4c644748edf04a9083ea72838c00e36c604a177
                                            • Instruction Fuzzy Hash: D2E06D65B01B45D8EF11DB62E8C43E96325BF48784F84013ACE0D4B774EE2CD205C340
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9aa62f7b6da8ad224eccdf6bfa4d18a7aba0ab3b01c02393cda3d7741aaad385
                                            • Instruction ID: aae6d5d7c63ece12c1f89aeac24bfd71815a76aabe0f4accc30147b0cd8bdf5b
                                            • Opcode Fuzzy Hash: 9aa62f7b6da8ad224eccdf6bfa4d18a7aba0ab3b01c02393cda3d7741aaad385
                                            • Instruction Fuzzy Hash: ADC15B32E06B85C9E701CF75D9C02A873B5FB59788F405229EE8DA6B55EF38E161C344
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            • Opcode ID: 8078a09573794ed6d7b5f4e0e67b6230490be0b03b580934ecd0f86303558dd3
                                            • Instruction ID: 73213d57bfb3b6432b1bb5161af7b3c71337e386ddb413e78105bed4a5e66d90
                                            • Opcode Fuzzy Hash: 8078a09573794ed6d7b5f4e0e67b6230490be0b03b580934ecd0f86303558dd3
                                            • Instruction Fuzzy Hash: 06816972A15A5286EB60CFA5D4853AD33A0FF84B98F04963AEF5F87695DF38D441C380
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 81b111e53581ed79373f170bff6f9a5d2c35bbbae99f8e587d860dc1a084ff43
                                            • Instruction ID: 05de4771621e33a0fa03275c785cfe5f4d5f047f3098d5fe539b333730cbd80d
                                            • Opcode Fuzzy Hash: 81b111e53581ed79373f170bff6f9a5d2c35bbbae99f8e587d860dc1a084ff43
                                            • Instruction Fuzzy Hash: B25106A3B0568443DB248B49FC42796F7A5FB987C5F00A12AEE8D57B58EB3CD581C700
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2e251b61a9e1cf7c92adaf2f054ca9dfb1ac3ff87b5859ba73cf30c8fd609c06
                                            • Instruction ID: 4f3cae3b2d3c91d6584fc4cb89592b7d275e9605670aea397b6c08379ac4e97b
                                            • Opcode Fuzzy Hash: 2e251b61a9e1cf7c92adaf2f054ca9dfb1ac3ff87b5859ba73cf30c8fd609c06
                                            • Instruction Fuzzy Hash: 71214A4B90F7C54AE7634AB44CF605C6FA1AE9291874E91EFC786C73D3D84D6849C322
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fdff31e18160255442d420fae1832a5a52ccebcf7d3d4df4aa26b73b5e00e239
                                            • Instruction ID: 613f0c3ead42f658f6f0bd6878269bfb381140e73e08bee3dd6b8e7a509c2eda
                                            • Opcode Fuzzy Hash: fdff31e18160255442d420fae1832a5a52ccebcf7d3d4df4aa26b73b5e00e239
                                            • Instruction Fuzzy Hash: 73A0021684ED01E0DB100B80E981AF0A578EB4B61DB442274C129A14B1CF6C90408105

                                            Control-flow Graph

                                            [Control-flow graph, first block 7ff684d19a00-7ff684d19a27; rendered graph and its edge list not preserved]
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_taskstd::_$Locinfo::_Locinfo_ctorLockitLockit::_$std::bad_alloc::bad_alloc
                                            • String ID: eachable$function not supported$gpu$lower
                                            • API String ID: 80508629-2289728929
                                            • Opcode ID: 9d8cee948c0abf1d34e6f977a0bf0e60582f5a80f8f0ee3451d197e5f2fd0f3a
                                            • Instruction ID: 8f12164ad8527a831d60739cbf2e53af1b65d5ce5b3006a2d27bb1c1d083cd03
                                            • Opcode Fuzzy Hash: 9d8cee948c0abf1d34e6f977a0bf0e60582f5a80f8f0ee3451d197e5f2fd0f3a
                                            • Instruction Fuzzy Hash: 8E026C32B09B41CAEB14DF61E4902AD63A5FF94B58F044639DE8E97A9ADF3CE411C344

                                            Control-flow Graph

                                            [Control-flow graph, first block 7ff684ca1ea0-7ff684ca1f23; rendered graph and its edge list not preserved. Named calls in the graph: __acrt_iob_func, VirtualQuery, VirtualProtect, GetLastError]
                                            APIs
                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00000000,00000000,00007FF684CA2071,?,?,?,?,?,?,00007FF684DE5628,00000000,?), ref: 00007FF684CA1EF0
                                            • VirtualQuery.KERNEL32 ref: 00007FF684CA1FBB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: QueryVirtual__acrt_iob_func
                                            • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                            • API String ID: 4109086920-1534286854
                                            • Opcode ID: f09a80c1134d828c01efaecc68c9b68e5172b62628963cd11d42d28b0edd77e8
                                            • Instruction ID: d6108730c8a8c6d6b13e54f372c0c6c9c1001483d87f25c351d41333933cc3c4
                                            • Opcode Fuzzy Hash: f09a80c1134d828c01efaecc68c9b68e5172b62628963cd11d42d28b0edd77e8
                                            • Instruction Fuzzy Hash: 4451B4B2A08A56C5EB10CB51ECC06A9A7B5FF94B94F848239EE4D97795DF3CE441C300
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID: 0$f$p$p
                                            • API String ID: 3215553584-1202675169
                                            • Opcode ID: b17e1fa68d7c209e0f03e2520916445488a16dc0a91c82ce2b4168a76fe5ab7c
                                            • Instruction ID: 02be65f691b7147f68d601a78db28b0cf93de2dbf824f7de432a48166e727c7a
                                            • Opcode Fuzzy Hash: b17e1fa68d7c209e0f03e2520916445488a16dc0a91c82ce2b4168a76fe5ab7c
                                            • Instruction Fuzzy Hash: 75126E72A0C243C6FB245A15A4847B976E2FF90B94F848639F69B876C4EF3CE580C714

                                            Control-flow Graph

                                            control_flow_graph 716 7ff684d41434-7ff684d41585 call 7ff684d40a9c * 10
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: CHN$ENU$ESD$ESE$ESG$ESI$ESM$ESR$ESY$USA
                                            • API String ID: 0-1681952876
                                            • Opcode ID: 59f4195e7b3ccf5729206a2966c8c635a87b82da9d0cdb6ec903e65abd0a3e52
                                            • Instruction ID: c03d15d9c8c44c00f935cb38ff9a364435ca0fd5f8291e89aaf64f99fbcc5c0d
                                            • Opcode Fuzzy Hash: 59f4195e7b3ccf5729206a2966c8c635a87b82da9d0cdb6ec903e65abd0a3e52
                                            • Instruction Fuzzy Hash: BF311BA0A1CA4BE1FA15DB94E8D16F42371BF44348FC0563FE50FA61A5DE7CA64AC381

                                            APIs
                                            Strings
                                            • xdigit, xrefs: 00007FF684CD30B8
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CD2FCE
                                            • operator, xrefs: 00007FF684CD3299, 00007FF684CD3353
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_exception_destroy__std_fs_code_page
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$operator$xdigit
                                            • API String ID: 4014462690-2575493076
                                            • Opcode ID: c084d0128df64970062c2312707118524547be05ed639d0701a8f320b51a76b8
                                            • Instruction ID: 59f011eed05cf07e032d6d42edcea492351283d108c64fbfaf59a8ed0424033e
                                            • Opcode Fuzzy Hash: c084d0128df64970062c2312707118524547be05ed639d0701a8f320b51a76b8
                                            • Instruction Fuzzy Hash: DDA1A862B08A81D5FB00DF25E4943AD2375FF48B88F50853ADA5D87BAADF79D486C340

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                            • String ID: eachable$function not supported$lower
                                            • API String ID: 1612978173-2004401088
                                            • Opcode ID: 40c7454b4a1272e6f12cf915ad7bc6efeb3b83da4fd0ae39ec654a8b1f0dc425
                                            • Instruction ID: bd8107ba9714dc28b49547ba9fbb9dd4c32b3d78f6d33d9b564b50b348b90a4b
                                            • Opcode Fuzzy Hash: 40c7454b4a1272e6f12cf915ad7bc6efeb3b83da4fd0ae39ec654a8b1f0dc425
                                            • Instruction Fuzzy Hash: 83917C32B09B41CAEB15DB60D4903BD36A5FF94788F04423EEA4E97A9ADF38E555C340
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684D4B727
                                            • ian-swiss, xrefs: 00007FF684D4B548
                                            • itain, xrefs: 00007FF684D4B512
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: NameTranslate
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$ian-swiss$itain
                                            • API String ID: 2039356047-1976367729
                                            • Opcode ID: aea9805d8be47ef358fece8431e17e8582b9befa990eef2d98ad3ed5edee7f72
                                            • Instruction ID: ab0fce00181e0e23f1b67463f7f7be81f8e585f84768a4528e85e3eb82580d03
                                            • Opcode Fuzzy Hash: aea9805d8be47ef358fece8431e17e8582b9befa990eef2d98ad3ed5edee7f72
                                            • Instruction Fuzzy Hash: B6914732A08782C6EB74AF6194812B963A4FF64BC4F444239DE5E8B786EF3CE551C700
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CEA7A4
                                            • iostream stream error, xrefs: 00007FF684CEA800
                                            • operator, xrefs: 00007FF684CEA931
                                            • must be followed by U+DC00..U+DFFF, xrefs: 00007FF684CEA942
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_exception_copy
                                            • String ID: must be followed by U+DC00..U+DFFF$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$iostream stream error$operator
                                            • API String ID: 592178966-856831111
                                            • Opcode ID: 173c248ad31fc580bfca202b648d0bd64c90a4d464a55cfaf713f72dd4015b9f
                                            • Instruction ID: d9c17f52b40e60b731ba4646a9c92cd7110469cb4fcaa3e7583ffacc0a36560d
                                            • Opcode Fuzzy Hash: 173c248ad31fc580bfca202b648d0bd64c90a4d464a55cfaf713f72dd4015b9f
                                            • Instruction Fuzzy Hash: 48718F62F18B81C9FB008F78D4813AC2361FF55798F419336EA5D56ADAEF789185C300
                                            APIs
                                            Strings
                                            • ed-states, xrefs: 00007FF684D4BF50
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684D4BEF2
                                            • great britain, xrefs: 00007FF684D4BFA9
                                            • ian-swiss, xrefs: 00007FF684D4BFB8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: CodePageProcess
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$ed-states$great britain$ian-swiss
                                            • API String ID: 2600045632-574136104
                                            • Opcode ID: 28463d91f7400e7509a22e1b42e99e6c2af4af39ef8f4877dc94fa25e213d4a5
                                            • Instruction ID: 4e1bf2f8f47842de514dfd1b389cde5481ac8bf9255007a2a4bc9e627f4443f7
                                            • Opcode Fuzzy Hash: 28463d91f7400e7509a22e1b42e99e6c2af4af39ef8f4877dc94fa25e213d4a5
                                            • Instruction Fuzzy Hash: ED715A32B08712CAFB219B65D8906B923B0BF58B84F45423ACE1E97695EF3DE446C750
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CE7312
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            • API String ID: 1168246061-1695713617
                                            • Opcode ID: 62054f4dadd8996ea77fc01b27df17d647a8fb42a4f7ee0450ac107cf0e9d070
                                            • Instruction ID: b291e5eee1677737325768085e8547f8bc53ecf2274921a1611c3cdfd006b9e9
                                            • Opcode Fuzzy Hash: 62054f4dadd8996ea77fc01b27df17d647a8fb42a4f7ee0450ac107cf0e9d070
                                            • Instruction Fuzzy Hash: 0F519F22A18B81C2EB149B25E4C136977A4FF94B94F19473ADA9D877A9DF3CE181C700
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: puts$fflush
                                            • String ID: Balance done.$Balance here.
                                            • API String ID: 2647259923-1376018514
                                            • Opcode ID: 3af7f36b98e8c874185ba7101167ecb57fb444cb4fc568d4fe4cac4507a22402
                                            • Instruction ID: 9ee640f9dcfd260727a5a3aeff8d30884417cacea772c2eb84a07732cd9795e7
                                            • Opcode Fuzzy Hash: 3af7f36b98e8c874185ba7101167ecb57fb444cb4fc568d4fe4cac4507a22402
                                            • Instruction Fuzzy Hash: BE014872F18202DEFB10DBA5C8853B822B8BF00358F10017ADE1EEA3D5DE2CA680C600
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: domain$file exists$filename too long$in use$ogress$pty
                                            • API String ID: 0-2721743378
                                            • Opcode ID: 28a39fcff2112d3bf8a01e0ded423e318209f21e4f433f8615dfea5023a8cd0d
                                            • Instruction ID: f4e0dcd824347a2a6156d9b1bdbf6a726a0dfb9352c10c772a8cb6d0e4b6e00b
                                            • Opcode Fuzzy Hash: 28a39fcff2112d3bf8a01e0ded423e318209f21e4f433f8615dfea5023a8cd0d
                                            • Instruction Fuzzy Hash: FA211AB2E49647E4ED999F2C96F85B42A94FF95300B9B037EC51FC6678DD1EE604C200
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task
                                            • String ID: 2@@5@AEBUOptions@23@@Z@
                                            • API String ID: 118556049-3621887160
                                            • Opcode ID: 50fa9f1bcb0824c46e1ebfb624846b5897aeedd9f4e87c363e3dae4c30f53f0c
                                            • Instruction ID: eb7c24f17bc28282fb835dcbe641f143bf42969b5261825381963fadae49194d
                                            • Opcode Fuzzy Hash: 50fa9f1bcb0824c46e1ebfb624846b5897aeedd9f4e87c363e3dae4c30f53f0c
                                            • Instruction Fuzzy Hash: FEB1D122B09AC691E914DB16E8811BA6368FF44BE4F544A3ADFAD87BD5DF3CE041C300
                                            APIs
                                            • VirtualProtect.KERNEL32(00007FF684DE80B0,00007FF684DE80B8,00000001,?,?,?,?,00007FFDB240ADA0,00007FF684CA1228,?,?,?,00007FF684CA1406), ref: 00007FF684CA227D
                                            Strings
                                            • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF684CA22E4
                                            • Unknown pseudo relocation protocol version %d., xrefs: 00007FF684CA23D2
                                            • Unknown pseudo relocation bit size %d., xrefs: 00007FF684CA23C6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CD3DE3
                                            • operator, xrefs: 00007FF684CD4052
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$operator
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID: __std_exception_destroy
                                            • String ID: operator$ust be escaped to \u0012
                                            APIs
                                            Strings
                                            • ?AV?$vector@V?$unique_ptr@U?$basic_object@D@vdf@tyti@@U?$default_delete@U?$basic_object@D@vdf@tyti@@@std@@@std@@V?$allocator@V?$unique_ptr@U?$basic_object@D@vdf@tyti@@U?$default_delete@U?$basic_object@D@vdf@tyti@@@std@@@std@@@2@@std@@V?$_String_const_iterator@, xrefs: 00007FF684D481EB
                                            • ator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@5@AEBUOptions@23@@Z@, xrefs: 00007FF684D482D3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID: __free_lconv_mon__free_lconv_num
                                            • String ID: ?AV?$vector@V?$unique_ptr@U?$basic_object@D@vdf@tyti@@U?$default_delete@U?$basic_object@D@vdf@tyti@@@std@@@std@@V?$allocator@V?$unique_ptr@U?$basic_object@D@vdf@tyti@@U?$default_delete@U?$basic_object@D@vdf@tyti@@@std@@@std@@@2@@std@@V?$_String_const_iterator@$ator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@5@AEBUOptions@23@@Z@
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            Similarity
                                            • API ID: signal
                                            • String ID: CCG
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID: __std_exception_copy
                                            • String ID: must be followed by U+DC00..U+DFFF$operator
                                            Strings
                                            • r U+0006 (ACK) must be escaped to \u0006, xrefs: 00007FF684D1F98F
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684D1F542
                                            • string: control character U+000E (SO) must be escaped to \u000E, xrefs: 00007FF684D1F94D
                                            • 2@@5@AEBUOptions@23@@Z@, xrefs: 00007FF684D1F650
                                            • @@2@@std@@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$ba, xrefs: 00007FF684D1FBE0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID: __std_fs_convert_narrow_to_wide$__std_fs_code_page
                                            • String ID: 2@@5@AEBUOptions@23@@Z@$@@2@@std@@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$ba$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$r U+0006 (ACK) must be escaped to \u0006$string: control character U+000E (SO) must be escaped to \u000E
                                            Strings
                                            • C, xrefs: 00007FF684D3E4E6
                                            • @U?$basic_object@D@vdf@tyti@@@std@@@std@@@2@@std@@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$, xrefs: 00007FF684D3E5DA
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684D3E3F3
                                            • U, xrefs: 00007FF684D3E431
                                            • ator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@5@AEBUOptions@23@@Z@, xrefs: 00007FF684D3E6B8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID: @U?$basic_object@D@vdf@tyti@@@std@@@std@@@2@@std@@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$$C$U$ator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@5@AEBUOptions@23@@Z@$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID: ash$st be escaped to \u000D or \r$string: control character U+0000 (NUL) must be escaped to \u0000$string: control character U+0006 (ACK) must be escaped to \u0006$string: surrogate U+DC00..U+DFFF must follow U+D800..U+DBFF
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CFDDBE
                                            • 2@@5@AEBUOptions@23@@Z@, xrefs: 00007FF684CFDC02
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task
                                            • String ID: 2@@5@AEBUOptions@23@@Z@$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684D47AC1, 00007FF684D47B65
                                            • h-english, xrefs: 00007FF684D47A39
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$h-english
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CDA432
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task
                                            • String ID: eachable$function not supported
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            Similarity
                                            • API ID: __std_exception_copy
                                            • String ID: eral$operator
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684D51A64
                                            • std@@@std@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V, xrefs: 00007FF684D51A79
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: capture_previous_context
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$std@@@std@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V
                                            • API String ID: 913372019-629703798
                                            • Opcode ID: d2be7348ff9ce230cc743c672f79cae30b69e46daf806bb313cd1bdba00f6238
                                            • Instruction ID: 7d1432f3ef500cd584da7350ee88748c67560e8c98fb6f7c0a3c1c267f440c8e
                                            • Opcode Fuzzy Hash: d2be7348ff9ce230cc743c672f79cae30b69e46daf806bb313cd1bdba00f6238
                                            • Instruction Fuzzy Hash: BF21DB34A09B02C2FB409B18E8913B867A4FF95708F90123AD98EC37A5EF3DA444CB00
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __acrt_iob_func
                                            • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                            • API String ID: 711238415-3474627141
                                            • Opcode ID: f528937272dd32a8eaa8efad4902fb29401ad3a1864d1b0760f556769c8dda61
                                            • Instruction ID: 9c88a83a042433b53369a13dfe000336dd66d423a5df6ec5da536f6deb2e3b35
                                            • Opcode Fuzzy Hash: f528937272dd32a8eaa8efad4902fb29401ad3a1864d1b0760f556769c8dda61
                                            • Instruction Fuzzy Hash: AF0108A2C08E84C1D202CF1CD8811FAB374FF5978AF245326EB8C66220DF29D543C700
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CD0DB6
                                            • operator, xrefs: 00007FF684CD0DDA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_exception_copy
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$operator
                                            • API String ID: 592178966-179660579
                                            • Opcode ID: f8db7b87c0aa70b5c2c2406d22323eda49e74d07bb3df65c4619f77c50b753c1
                                            • Instruction ID: 4e5ebc6a374645e1c8732dfc2d9313077b440bb25fab40797f21a4883dfc39e1
                                            • Opcode Fuzzy Hash: f8db7b87c0aa70b5c2c2406d22323eda49e74d07bb3df65c4619f77c50b753c1
                                            • Instruction Fuzzy Hash: 8DF0A4B2A28B85C1EB008F15F4901A97764FF99784F54523AEA8E83761EF3CE1E1C700
                                            APIs
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CD0E36
                                            • operator, xrefs: 00007FF684CD0E50
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __std_exception_copy
                                            • String ID: d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$operator
                                            • API String ID: 592178966-179660579
                                            • Opcode ID: 1f1333c052e102018ce6c721f4d98f2d7bedc39e4f31c71514575dd0eeb4ceca
                                            • Instruction ID: 9517efde0db26ddfc3c9fb3b5360126a59f509d00ff00321ba3e662a46ac1ba1
                                            • Opcode Fuzzy Hash: 1f1333c052e102018ce6c721f4d98f2d7bedc39e4f31c71514575dd0eeb4ceca
                                            • Instruction Fuzzy Hash: A3F096B2A19B80C1EB419F20F8901A97764FF9D784F545336EA8E82725EF3CD195C700
                                            APIs
                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1DE8
                                              • Part of subcall function 00007FF684CA2D10: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF684CA2EA3,?,?,00007FF684DE80B0,00007FF684CA1341), ref: 00007FF684CA2D38
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __acrt_iob_func__stdio_common_vfprintf
                                            • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                            • API String ID: 2168557111-2713391170
                                            • Opcode ID: ee3f3bb47bd6a24556798c34e3bc92ffd6b12cba5a125b18ea1b5722df76c2ba
                                            • Instruction ID: 404f454995469b1e0d428a48fba93fc1e12c923c150baad69ec18638630a21e5
                                            • Opcode Fuzzy Hash: ee3f3bb47bd6a24556798c34e3bc92ffd6b12cba5a125b18ea1b5722df76c2ba
                                            • Instruction Fuzzy Hash: 25F06252818E94C1D202DF18E8800EBB374FF4D789F24572AEE8D3A565DF28D643C700
                                            APIs
                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1DE8
                                              • Part of subcall function 00007FF684CA2D10: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF684CA2EA3,?,?,00007FF684DE80B0,00007FF684CA1341), ref: 00007FF684CA2D38
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __acrt_iob_func__stdio_common_vfprintf
                                            • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                            • API String ID: 2168557111-4064033741
                                            • Opcode ID: f79fd0e596f964fb12d506a581b5651c7ef29de0136867c86ca042b8d340619f
                                            • Instruction ID: c2ef6f86fc65177207dc6efb3b04bd70e78a0ece167c46b94b5f7c7da5d76bdb
                                            • Opcode Fuzzy Hash: f79fd0e596f964fb12d506a581b5651c7ef29de0136867c86ca042b8d340619f
                                            • Instruction Fuzzy Hash: B8F06252818E94C1D202DF18E8800EBB374FF4D789F68572AEE8D3A565DF28D643C700
                                            APIs
                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1DE8
                                              • Part of subcall function 00007FF684CA2D10: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF684CA2EA3,?,?,00007FF684DE80B0,00007FF684CA1341), ref: 00007FF684CA2D38
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __acrt_iob_func__stdio_common_vfprintf
                                            • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                            • API String ID: 2168557111-4283191376
                                            • Opcode ID: 1dd5da9c229a70ada05a7e72007c3019867bc0f42a8cd2a6a57b758e29778a7c
                                            • Instruction ID: 7db4e64c6ce78e6c4d1e9a4155817aff22720376460d20014e847c1c93fcc729
                                            • Opcode Fuzzy Hash: 1dd5da9c229a70ada05a7e72007c3019867bc0f42a8cd2a6a57b758e29778a7c
                                            • Instruction Fuzzy Hash: E7F04F52818E94C1D212DF18E8800ABB374FF5D789F24572AEA893A565DF28D643C700
                                            APIs
                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1DE8
                                              • Part of subcall function 00007FF684CA2D10: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF684CA2EA3,?,?,00007FF684DE80B0,00007FF684CA1341), ref: 00007FF684CA2D38
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __acrt_iob_func__stdio_common_vfprintf
                                            • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                            • API String ID: 2168557111-4273532761
                                            • Opcode ID: c07508efb556dd7d9436ad69a9c8cf14d73a933b674d1fa630a59242d617e301
                                            • Instruction ID: 02fba8e9660c043da9bfb18096f6e6ac7a525a88319494913af4eb2749f1e94e
                                            • Opcode Fuzzy Hash: c07508efb556dd7d9436ad69a9c8cf14d73a933b674d1fa630a59242d617e301
                                            • Instruction Fuzzy Hash: 60F06252818E94C1D202DF18E8800EBB374FF4D789F24572AEE8D3A565DF29D643C700
                                            APIs
                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1DE8
                                              • Part of subcall function 00007FF684CA2D10: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF684CA2EA3,?,?,00007FF684DE80B0,00007FF684CA1341), ref: 00007FF684CA2D38
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __acrt_iob_func__stdio_common_vfprintf
                                            • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                            • API String ID: 2168557111-2187435201
                                            • Opcode ID: 6f4887e0862d6d8c7608ed520de72aa1c1cab4868c195c56012fd40921bf5bb0
                                            • Instruction ID: d722bfcf50ccc3ccea469e428d602501bb2bb9351f5e877030263b538533342e
                                            • Opcode Fuzzy Hash: 6f4887e0862d6d8c7608ed520de72aa1c1cab4868c195c56012fd40921bf5bb0
                                            • Instruction Fuzzy Hash: 36F04F52818E94C1D202DF18E8800ABB374FF4D789F24572AEE893A565DF28D643C700
                                            APIs
                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF684CA1DE8
                                              • Part of subcall function 00007FF684CA2D10: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00007FF684CA2EA3,?,?,00007FF684DE80B0,00007FF684CA1341), ref: 00007FF684CA2D38
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151529147.00007FF684CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA0000, based on PE: true
                                            • Associated: 00000000.00000002.2151508679.00007FF684CA0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DEE000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF0000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152594307.00007FF684DF3000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID: __acrt_iob_func__stdio_common_vfprintf
                                            • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                            • API String ID: 2168557111-2468659920
                                            • Opcode ID: d698bc09131adaa0ad28450f15c71979d22552db26d579fbe3eb7f0cf40d9bdc
                                            • Instruction ID: 91be0574e4f99f7fe6332e3bfb3f40e0e2839064c2cc1d73edb3f1300fd9eff4
                                            • Opcode Fuzzy Hash: d698bc09131adaa0ad28450f15c71979d22552db26d579fbe3eb7f0cf40d9bdc
                                            • Instruction Fuzzy Hash: DBF01D52918E9482D202DF18E8801ABB374FF5E789F25572AEE893A665DF29D643C700
                                            Strings
                                            • d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_, xrefs: 00007FF684CE600C
                                            • string: control character U+0000 (NUL) must be escaped to \u0000, xrefs: 00007FF684CE62BA
                                            • tectData, xrefs: 00007FF684CE6245, 00007FF684CE6286
                                            • 2@@5@AEBUOptions@23@@Z@, xrefs: 00007FF684CE5FFA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2151643563.00007FF684CA4000.00000004.00000001.01000000.00000003.sdmp, Offset: 00007FF684CA4000, based on PE: true
                                            • Associated: 00000000.00000002.2152552232.00007FF684DE5000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2152575108.00007FF684DE9000.00000004.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7ff684ca0000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 2@@5@AEBUOptions@23@@Z@$d@@@2@@std@@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@5@V65@AEAV?$unordered_set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$hash@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@U?$equal_to@V?$basic_$string: control character U+0000 (NUL) must be escaped to \u0000$tectData
                                            • API String ID: 0-156699724
                                            • Opcode ID: cb4aced989983624153f6b5b94dd7c37db31cce8b12816e7082eb09c52f35428
                                            • Instruction ID: 3ee8b8797b34cbb3098a59feb08296df91f0476fc2b30230454d74f61648032c
                                            • Opcode Fuzzy Hash: cb4aced989983624153f6b5b94dd7c37db31cce8b12816e7082eb09c52f35428
                                            • Instruction Fuzzy Hash: 5F91C022B18B81C2E711DB25E4812AD73B4FF95788F88953AEE8D83746DF38E595C340

                                            Execution Graph

                                            Execution Coverage:5.8%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:7.1%
                                            Total number of Nodes:1819
                                            Total number of Limit Nodes:71
Concurrency::cancel_current_task 2 API calls 69892->69893 69893->69884 69897 140087eb2 69894->69897 70581 140054200 40 API calls 69894->70581 69896 140087ee0 69896->69842 69897->69896 70582 14002ed90 41 API calls 69897->70582 69899 140087f26 69900 1400b1108 Concurrency::cancel_current_task 2 API calls 69899->69900 69901 140087f37 69900->69901 69902 140087f67 69901->69902 70583 140090d60 9 API calls 3 library calls 69901->70583 69902->69842 69904->69837 69905->69837 69906->69847 69909 140041f6e 69907->69909 69908 140041f92 69908->69852 69909->69908 69912 140041fe4 69909->69912 69913 14004200b 69909->69913 69919 140041ff5 69909->69919 69911 14004204b 70585 14002d8b0 41 API calls 2 library calls 69911->70585 69912->69911 69917 1400ae200 std::_Facet_Register 41 API calls 69912->69917 69914 140041ffd ctype 69913->69914 69916 1400ae200 std::_Facet_Register 41 API calls 69913->69916 69914->69852 69916->69914 69917->69919 69918 140042051 69919->69914 70584 14002d970 41 API calls 69919->70584 69920->69837 69921->69819 69922->69811 69923->69824 69924->69840 69931 14003719e 69926->69931 69927 140037293 69949 14002d970 41 API calls 69927->69949 69928 1400371c2 69928->69856 69930 1400371ea 69933 140037239 69930->69933 69939 1400ae200 69930->69939 69931->69927 69931->69928 69931->69930 69931->69933 69935 14003724f 69931->69935 69937 140037241 ctype 69933->69937 69948 14002d8b0 41 API calls 2 library calls 69933->69948 69935->69937 69938 1400ae200 std::_Facet_Register 41 API calls 69935->69938 69937->69856 69938->69937 69942 1400ae20b 69939->69942 69940 1400ae224 69940->69933 69942->69940 69943 1400ae22a 69942->69943 69950 1400a90b4 69942->69950 69944 1400ae235 69943->69944 69953 1400af020 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 69943->69953 69954 14002d8b0 41 API calls 2 library calls 69944->69954 69947 1400ae23b 69948->69927 69955 1400a90f0 69950->69955 69952 1400a90c2 69952->69942 69953->69944 69954->69947 69960 14009c064 
EnterCriticalSection 69955->69960 69957 1400a90fd 69958 14009c0b8 _isindst LeaveCriticalSection 69957->69958 69959 1400a911b 69958->69959 69959->69952 69962 1400bb7ae 69961->69962 69963 1400bb7b7 __std_fs_convert_wide_to_narrow 69962->69963 69964 1400bb8c9 69962->69964 69966 1400bb80f GetFileAttributesExW 69962->69966 69965 1400adf40 _Strxfrm 4 API calls 69963->69965 69992 1400bbb40 CreateFileW __std_fs_convert_wide_to_narrow 69964->69992 69967 14003091d 69965->69967 69969 1400bb823 __std_fs_convert_wide_to_narrow 69966->69969 69976 1400bb851 __std_fs_directory_iterator_open 69966->69976 69967->69861 69969->69963 69974 1400bb832 FindFirstFileW 69969->69974 69970 1400bb8ec 69971 1400bb9bf 69970->69971 69972 1400bb921 GetFileInformationByHandleEx 69970->69972 69983 1400bb8f2 _invalid_parameter_noinfo 69970->69983 69973 1400bb9da GetFileInformationByHandleEx 69971->69973 69971->69983 69975 1400bb961 69972->69975 69980 1400bb93b _invalid_parameter_noinfo __std_fs_convert_wide_to_narrow 69972->69980 69981 1400bb9f0 _invalid_parameter_noinfo __std_fs_convert_wide_to_narrow 69973->69981 69973->69983 69974->69963 69974->69976 69975->69971 69977 1400bb982 GetFileInformationByHandleEx 69975->69977 69976->69963 69976->69964 69977->69971 69985 1400bb99e _invalid_parameter_noinfo __std_fs_convert_wide_to_narrow 69977->69985 69978 1400bba81 69993 1400ab1c0 69978->69993 69984 1400bba92 69980->69984 69988 1400bb90b 69980->69988 69981->69988 69989 1400bba8c 69981->69989 69982 1400bba86 69986 1400ab1c0 __std_fs_directory_iterator_open 38 API calls 69982->69986 69983->69963 69983->69978 69983->69988 69987 1400ab1c0 __std_fs_directory_iterator_open 38 API calls 69984->69987 69985->69982 69985->69988 69986->69989 69990 1400bba98 69987->69990 69988->69963 69991 1400ab1c0 __std_fs_directory_iterator_open 38 API calls 69989->69991 69991->69984 69992->69970 69998 140099b94 69993->69998 69995 1400ab1c9 70020 140099564 38 API calls std::locale::_Setgloballocale 69995->70020 69999 140099ba9 
__std_fs_convert_wide_to_narrow 69998->69999 70000 140099bd5 FlsSetValue 69999->70000 70001 140099bb8 FlsGetValue 69999->70001 70003 140099be7 70000->70003 70005 140099bc5 _invalid_parameter_noinfo 70000->70005 70002 140099bcf 70001->70002 70001->70005 70002->70000 70021 14009d574 8 API calls 3 library calls 70003->70021 70011 140099c4e 70005->70011 70028 140099564 38 API calls std::locale::_Setgloballocale 70005->70028 70006 140099bf6 70007 140099c14 FlsSetValue 70006->70007 70008 140099c04 FlsSetValue 70006->70008 70009 140099c20 FlsSetValue 70007->70009 70010 140099c32 70007->70010 70012 140099c0d 70008->70012 70009->70012 70027 140099944 8 API calls _set_errno_from_matherr 70010->70027 70011->69995 70022 14009cf0c 70012->70022 70016 140099c3a 70019 14009cf0c __free_lconv_num 8 API calls 70016->70019 70019->70005 70021->70006 70023 14009cf11 HeapFree 70022->70023 70024 140099c12 70022->70024 70023->70024 70025 14009cf2c __std_fs_convert_wide_to_narrow __free_lconv_num 70023->70025 70024->70005 70029 140095e1c 8 API calls _set_errno_from_matherr 70025->70029 70027->70016 70029->70024 70031 140043a80 70030->70031 70032 1400ae200 std::_Facet_Register 41 API calls 70030->70032 70058 1400bc4dc 70031->70058 70032->70031 70034 140043a90 70067 140043f00 70034->70067 70037 140043b20 70038 140043b2d 70037->70038 70082 1400bc7a8 EnterCriticalSection std::_Lockit::_Lockit 70037->70082 70045 1400545c0 70038->70045 70040 140043b48 70083 14002ed90 41 API calls 70040->70083 70042 140043b88 70043 1400b1108 Concurrency::cancel_current_task 2 API calls 70042->70043 70044 140043b99 70043->70044 70095 140043630 70045->70095 70048 140077b80 70049 140077ba5 70048->70049 70050 140077c34 70048->70050 70100 1400bca18 70049->70100 70050->69871 70054 140077bcb 70109 140055ae0 64 API calls 4 library calls 70054->70109 70056 140077bf1 70056->69871 70057->69873 70084 1400bbe7c 70058->70084 70060 1400bc4fe 70064 1400bc542 ctype 70060->70064 70088 1400bc6d4 41 API calls std::_Facet_Register 
70060->70088 70062 1400bc516 70089 1400bc704 39 API calls std::locale::_Setgloballocale 70062->70089 70064->70034 70065 1400bc521 70065->70064 70090 140090d60 9 API calls 3 library calls 70065->70090 70068 1400bbe7c std::_Lockit::_Lockit EnterCriticalSection 70067->70068 70069 140043f30 70068->70069 70070 1400bbe7c std::_Lockit::_Lockit EnterCriticalSection 70069->70070 70072 140043f55 70069->70072 70070->70072 70071 140043fcd 70073 1400adf40 _Strxfrm 4 API calls 70071->70073 70072->70071 70092 14002ea30 65 API calls 7 library calls 70072->70092 70074 140043ac5 70073->70074 70074->70037 70074->70040 70076 140043fdf 70077 140043fe5 70076->70077 70078 140044046 70076->70078 70093 1400bc49c 41 API calls std::_Facet_Register 70077->70093 70094 14002e570 41 API calls 2 library calls 70078->70094 70081 14004404b 70082->70038 70083->70042 70085 1400bbe8b 70084->70085 70087 1400bbe90 70084->70087 70091 14009c0d4 EnterCriticalSection std::_Lockit::_Lockit 70085->70091 70087->70060 70088->70062 70089->70065 70090->70064 70092->70076 70093->70071 70094->70081 70096 1400ae200 std::_Facet_Register 41 API calls 70095->70096 70097 140043651 70096->70097 70098 1400bc4dc 43 API calls 70097->70098 70099 140043661 70098->70099 70099->70048 70102 1400bca5a 70100->70102 70103 140077bb5 70102->70103 70110 1400be3f8 70102->70110 70103->70050 70108 140054100 38 API calls _Strxfrm 70103->70108 70104 1400bca8d 70104->70103 70127 140091534 38 API calls _invalid_parameter_noinfo 70104->70127 70106 1400bcaa7 70106->70103 70128 1400902d0 39 API calls _invalid_parameter_noinfo 70106->70128 70108->70054 70109->70056 70111 1400be324 70110->70111 70112 1400be34a 70111->70112 70114 1400be37d 70111->70114 70141 140095e1c 8 API calls _set_errno_from_matherr 70112->70141 70116 1400be390 70114->70116 70117 1400be383 70114->70117 70115 1400be34f 70142 140091958 38 API calls _invalid_parameter_noinfo 70115->70142 70129 14009d1ec 70116->70129 70143 140095e1c 8 API calls _set_errno_from_matherr 70117->70143 
70122 1400be3a4 70144 140095e1c 8 API calls _set_errno_from_matherr 70122->70144 70123 1400be3b1 70136 1400c2104 70123->70136 70126 1400be35a 70126->70104 70127->70106 70128->70103 70145 14009c064 EnterCriticalSection 70129->70145 70131 14009d203 70132 14009d260 10 API calls 70131->70132 70133 14009d20e 70132->70133 70134 14009c0b8 _isindst LeaveCriticalSection 70133->70134 70135 14009d239 70134->70135 70135->70122 70135->70123 70146 1400c1d64 70136->70146 70139 1400c215e 70139->70126 70141->70115 70142->70126 70143->70126 70144->70126 70150 1400c1d9f __crtLCMapStringW 70146->70150 70148 1400c203d 70165 140091958 38 API calls _invalid_parameter_noinfo 70148->70165 70156 1400c1f66 70150->70156 70161 1400ab70c 39 API calls 5 library calls 70150->70161 70151 1400c1f6f 70151->70139 70158 1400c3a98 70151->70158 70153 1400c1fd1 70153->70156 70162 1400ab70c 39 API calls 5 library calls 70153->70162 70155 1400c1ff0 70155->70156 70163 1400ab70c 39 API calls 5 library calls 70155->70163 70156->70151 70164 140095e1c 8 API calls _set_errno_from_matherr 70156->70164 70166 1400c2f4c 70158->70166 70160 1400c3ac5 70160->70139 70161->70153 70162->70155 70163->70156 70164->70148 70165->70151 70167 1400c2f81 70166->70167 70168 1400c2f63 70166->70168 70167->70168 70170 1400c2f9d 70167->70170 70217 140095e1c 8 API calls _set_errno_from_matherr 70168->70217 70175 1400c36a8 70170->70175 70171 1400c2f68 70218 140091958 38 API calls _invalid_parameter_noinfo 70171->70218 70174 1400c2f74 70174->70160 70219 1400c3288 70175->70219 70177 1400c36ef 70178 1400c371d 70177->70178 70179 1400c3735 70177->70179 70247 140095dfc 8 API calls _set_errno_from_matherr 70178->70247 70235 1400a4ac8 70179->70235 70194 1400c372e 70194->70174 70196 1400c3722 70248 140095e1c 8 API calls _set_errno_from_matherr 70196->70248 70217->70171 70218->70174 70220 1400c32b4 70219->70220 70225 1400c32ce 70219->70225 70220->70225 70260 140095e1c 8 API calls _set_errno_from_matherr 70220->70260 70222 1400c32c3 70261 
140091958 38 API calls _invalid_parameter_noinfo 70222->70261 70224 1400c33a2 70234 1400c33fa 70224->70234 70266 1400bdd4c 38 API calls 2 library calls 70224->70266 70226 1400c334e 70225->70226 70262 140095e1c 8 API calls _set_errno_from_matherr 70225->70262 70226->70224 70264 140095e1c 8 API calls _set_errno_from_matherr 70226->70264 70230 1400c3397 70265 140091958 38 API calls _invalid_parameter_noinfo 70230->70265 70231 1400c3343 70263 140091958 38 API calls _invalid_parameter_noinfo 70231->70263 70234->70177 70267 14009c064 EnterCriticalSection 70235->70267 70247->70196 70248->70194 70260->70222 70261->70225 70262->70231 70263->70226 70264->70230 70265->70224 70266->70234 70269 140042af6 70268->70269 70270 1400429d3 70268->70270 70269->70270 70271 140042b03 70269->70271 70272 1400adf40 _Strxfrm 4 API calls 70270->70272 70341 140047390 41 API calls 3 library calls 70271->70341 70273 140042a02 70272->70273 70273->69878 70275 140042b24 70276 1400b1108 Concurrency::cancel_current_task 2 API calls 70275->70276 70277 140042b35 70276->70277 70279 14008ccf4 70278->70279 70342 140095d14 70279->70342 70283 14008cdff 70365 1400798c0 70283->70365 70286 1400adf40 _Strxfrm 4 API calls 70287 140089999 70286->70287 70288 14008aae0 70287->70288 70289 14008adfd 70288->70289 70292 14008ab27 memcpy_s 70288->70292 70378 14008e420 70289->70378 70436 140066e20 41 API calls 70292->70436 70293 14008b370 41 API calls 70300 14008ae3c 70293->70300 70295 14008ab77 70437 14008d580 43 API calls 2 library calls 70295->70437 70297 14008af40 _Receive_impl 70299 1400429a0 41 API calls 70297->70299 70310 14008b004 70297->70310 70311 14008b0e3 70297->70311 70334 14008b13a 70297->70334 70298 14008ab87 70302 14008b370 41 API calls 70298->70302 70299->70310 70300->70297 70303 140066f80 43 API calls 70300->70303 70301 1400adf40 _Strxfrm 4 API calls 70304 14008b094 70301->70304 70314 14008ab93 70302->70314 70305 14008ae85 70303->70305 70304->69882 70306 14006a660 43 API calls 70305->70306 70307 
14008aeab 70306->70307 70312 140067500 43 API calls 70307->70312 70308 14008ad49 70313 1400429a0 41 API calls 70308->70313 70309 14008ad91 70316 14008ad64 _Receive_impl 70309->70316 70317 1400429a0 41 API calls 70309->70317 70310->70311 70310->70316 70517 140065ff0 39 API calls 70311->70517 70326 14008aeba _Receive_impl 70312->70326 70313->70316 70339 14008ad28 _Receive_impl 70314->70339 70438 140066f80 70314->70438 70316->70301 70317->70316 70319 14008b0fb 70322 1400b1108 Concurrency::cancel_current_task 2 API calls 70319->70322 70320 14008abdf 70446 14006a660 70320->70446 70338 14008b10b 70322->70338 70324 14008b12a 70328 1400b1108 Concurrency::cancel_current_task 2 API calls 70324->70328 70325 14008ac05 70506 140067500 70325->70506 70327 1400aff18 __std_exception_destroy 9 API calls 70326->70327 70326->70334 70326->70338 70330 14008af32 70327->70330 70328->70334 70332 1400aff18 __std_exception_destroy 9 API calls 70330->70332 70332->70297 70333 14008ac2a _Receive_impl 70333->70338 70513 1400aff18 70333->70513 70337 1400aff18 __std_exception_destroy 9 API calls 70340 14008aca3 _Receive_impl 70337->70340 70518 140065ff0 39 API calls 70338->70518 70339->70308 70339->70309 70340->70338 70340->70339 70341->70275 70343 140099b94 _Getctype 38 API calls 70342->70343 70344 140095d1d 70343->70344 70372 14009be1c 70344->70372 70347 14008b370 70348 14008b393 70347->70348 70352 14008b3e0 70347->70352 70350 14008c8e0 41 API calls 70348->70350 70349 14008c8e0 41 API calls 70349->70352 70351 14008b398 70350->70351 70351->70352 70353 14008c8e0 41 API calls 70351->70353 70352->70349 70364 14008b433 70352->70364 70354 14008b3a7 70353->70354 70355 14008b3bd 70354->70355 70356 14008c8e0 41 API calls 70354->70356 70357 1400adf40 _Strxfrm 4 API calls 70355->70357 70358 14008b3b6 70356->70358 70359 14008b3da 70357->70359 70358->70352 70358->70355 70359->70283 70360 14008b538 70361 1400adf40 _Strxfrm 4 API calls 70360->70361 70362 14008b68b 70361->70362 70362->70283 70363 14008c8e0 41 
API calls 70363->70364 70364->70360 70364->70363 70366 1400798f7 70365->70366 70367 1400798ce 70365->70367 70366->70286 70367->70366 70377 14002ed90 41 API calls 70367->70377 70369 14007992e 70370 1400b1108 Concurrency::cancel_current_task 2 API calls 70369->70370 70371 14007993f 70370->70371 70373 14009be31 70372->70373 70374 14008cdda 70372->70374 70373->70374 70376 1400a5070 38 API calls 3 library calls 70373->70376 70374->70347 70376->70374 70377->70369 70379 14008e49e 70378->70379 70380 140066f80 43 API calls 70379->70380 70381 14008f06f 70380->70381 70382 14006a660 43 API calls 70381->70382 70383 14008f095 70382->70383 70384 140067500 43 API calls 70383->70384 70385 14008f0a5 70384->70385 70386 14008f0b0 70385->70386 70387 14008f118 70385->70387 70519 140030ca0 70386->70519 70524 140065ff0 39 API calls 70387->70524 70389 14008f124 70390 1400b1108 Concurrency::cancel_current_task 2 API calls 70389->70390 70392 14008f134 70390->70392 70525 140065ff0 39 API calls 70392->70525 70394 14008f141 70395 1400b1108 Concurrency::cancel_current_task 2 API calls 70394->70395 70396 14008f151 70395->70396 70526 140065ff0 39 API calls 70396->70526 70398 14008f0c4 70402 1400adf40 _Strxfrm 4 API calls 70398->70402 70399 14008f15e 70400 1400b1108 Concurrency::cancel_current_task 2 API calls 70399->70400 70401 14008f16e 70400->70401 70527 14006c3d0 39 API calls 70401->70527 70404 14008ae30 70402->70404 70404->70293 70405 14008f17b 70406 1400b1108 Concurrency::cancel_current_task 2 API calls 70405->70406 70407 14008f18b 70406->70407 70528 140065ff0 39 API calls 70407->70528 70409 14008f198 70410 1400b1108 Concurrency::cancel_current_task 2 API calls 70409->70410 70411 14008f1a8 70410->70411 70529 140065ff0 39 API calls 70411->70529 70413 14008f1b5 70414 1400b1108 Concurrency::cancel_current_task 2 API calls 70413->70414 70415 14008f1c5 70414->70415 70530 140065ff0 39 API calls 70415->70530 70417 14008f1d2 70418 1400b1108 Concurrency::cancel_current_task 2 API calls 70417->70418 
70419 14008f1e2 70418->70419 70531 140065ff0 39 API calls 70419->70531 70421 14008f1ef 70422 1400b1108 Concurrency::cancel_current_task 2 API calls 70421->70422 70423 14008f1ff 70422->70423 70532 140065ff0 39 API calls 70423->70532 70425 14008f20c 70426 1400b1108 Concurrency::cancel_current_task 2 API calls 70425->70426 70427 14008f21c 70426->70427 70533 140065ff0 39 API calls 70427->70533 70429 14008f229 70430 1400b1108 Concurrency::cancel_current_task 2 API calls 70429->70430 70431 14008f239 70430->70431 70534 140065ff0 39 API calls 70431->70534 70433 14008f246 70434 1400b1108 Concurrency::cancel_current_task 2 API calls 70433->70434 70435 14008f256 70434->70435 70436->70295 70437->70298 70441 140066fcc 70438->70441 70439 14006705d _Receive_impl 70440 140067500 43 API calls 70439->70440 70445 1400671e3 _Receive_impl 70439->70445 70443 140067129 70440->70443 70441->70439 70535 140047940 41 API calls 4 library calls 70441->70535 70443->70445 70536 140047940 41 API calls 4 library calls 70443->70536 70445->70320 70447 14006a6bf 70446->70447 70537 14005b690 13 API calls 2 library calls 70447->70537 70449 14006a6d6 70538 1400309d0 70449->70538 70451 14006a70e _Receive_impl 70457 14006a94f 70451->70457 70550 1400afe88 70451->70550 70454 14006a913 _Receive_impl 70455 1400adf40 _Strxfrm 4 API calls 70454->70455 70456 14006a938 70455->70456 70456->70325 70458 140066f80 43 API calls 70457->70458 70459 14006b5bf 70458->70459 70460 14006a660 43 API calls 70459->70460 70461 14006b5e5 70460->70461 70462 140067500 43 API calls 70461->70462 70463 14006b5f5 70462->70463 70464 14006b668 70463->70464 70465 14006b600 70463->70465 70556 140065ff0 39 API calls 70464->70556 70468 140030ca0 9 API calls 70465->70468 70467 14006b674 70469 1400b1108 Concurrency::cancel_current_task 2 API calls 70467->70469 70477 14006b614 70468->70477 70470 14006b684 70469->70470 70557 140065ff0 39 API calls 70470->70557 70472 14006b691 70473 1400b1108 Concurrency::cancel_current_task 2 API calls 
70472->70473 70474 14006b6a1 70473->70474 70558 140065ff0 39 API calls 70474->70558 70476 14006b6ae 70478 1400b1108 Concurrency::cancel_current_task 2 API calls 70476->70478 70481 1400adf40 _Strxfrm 4 API calls 70477->70481 70479 14006b6be 70478->70479 70559 14006c3d0 39 API calls 70479->70559 70483 14006b649 70481->70483 70482 14006b6cb 70484 1400b1108 Concurrency::cancel_current_task 2 API calls 70482->70484 70483->70325 70485 14006b6db 70484->70485 70560 140065ff0 39 API calls 70485->70560 70487 14006b6e8 70488 1400b1108 Concurrency::cancel_current_task 2 API calls 70487->70488 70489 14006b6f8 70488->70489 70561 140065ff0 39 API calls 70489->70561 70491 14006b705 70492 1400b1108 Concurrency::cancel_current_task 2 API calls 70491->70492 70493 14006b715 70492->70493 70562 140065ff0 39 API calls 70493->70562 70495 14006b722 70496 1400b1108 Concurrency::cancel_current_task 2 API calls 70495->70496 70497 14006b732 70496->70497 70563 140065ff0 39 API calls 70497->70563 70499 14006b73f 70500 1400b1108 Concurrency::cancel_current_task 2 API calls 70499->70500 70501 14006b74f 70500->70501 70564 140065ff0 39 API calls 70501->70564 70503 14006b75c 70504 140065ff0 39 API calls 70503->70504 70505 1400b1108 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 70503->70505 70504->70503 70505->70503 70507 1400675f7 70506->70507 70512 140067556 70506->70512 70508 1400adf40 _Strxfrm 4 API calls 70507->70508 70509 140067607 70508->70509 70509->70311 70509->70333 70512->70507 70568 14005b150 40 API calls 70512->70568 70569 140047940 41 API calls 4 library calls 70512->70569 70514 14008ac95 70513->70514 70515 1400aff27 70513->70515 70514->70337 70570 140090d60 9 API calls 3 library calls 70515->70570 70517->70319 70518->70324 70520 1400aff18 __std_exception_destroy 9 API calls 70519->70520 70521 140030cce 70520->70521 70522 1400aff18 __std_exception_destroy 9 API calls 70521->70522 70523 140030cdb 70522->70523 70523->70398 70524->70389 70525->70394 70526->70399 
70527->70405 70528->70409 70529->70413 70530->70417 70531->70421 70532->70425 70533->70429 70534->70433 70535->70439 70536->70445 70537->70449 70539 140030a0b 70538->70539 70541 140030b40 70539->70541 70565 140047940 41 API calls 4 library calls 70539->70565 70542 140030be3 _Receive_impl 70541->70542 70544 140030c1c 70541->70544 70543 1400adf40 _Strxfrm 4 API calls 70542->70543 70545 140030c08 70543->70545 70546 1400aff18 __std_exception_destroy 9 API calls 70544->70546 70545->70451 70547 140030c65 70546->70547 70548 1400aff18 __std_exception_destroy 9 API calls 70547->70548 70549 140030c72 _Receive_impl 70548->70549 70549->70451 70551 1400afea9 70550->70551 70555 14006a8bf 70550->70555 70552 1400afede 70551->70552 70551->70555 70566 140098c80 38 API calls 2 library calls 70551->70566 70567 140090d60 9 API calls 3 library calls 70552->70567 70555->70454 70555->70457 70556->70467 70557->70472 70558->70476 70559->70482 70560->70487 70561->70491 70562->70495 70563->70499 70564->70503 70565->70541 70566->70552 70567->70555 70568->70512 70569->70512 70570->70514 70571->69892 70573 140046837 70572->70573 70574 1400309d0 41 API calls 70573->70574 70576 140046873 _Receive_impl 70574->70576 70575 1400afe88 __std_exception_copy 39 API calls 70577 1400469c2 _Receive_impl 70575->70577 70576->70575 70578 140046a42 70576->70578 70577->70578 70579 1400adf40 _Strxfrm 4 API calls 70577->70579 70580 140046a34 70579->70580 70580->69889 70581->69897 70582->69899 70583->69901 70585->69918 70586 140063210 70587 1400308d0 44 API calls 70586->70587 70588 140063270 70587->70588 70589 1400308d0 44 API calls 70588->70589 70590 140063b00 70589->70590 70601 140063f1c _Receive_impl 70590->70601 70647 14002f540 70590->70647 70592 1400adf40 _Strxfrm 4 API calls 70594 140063f47 70592->70594 70600 140063c13 70600->70601 70602 140063f63 70600->70602 70601->70592 70603 1400467e0 41 API calls 70602->70603 70604 140063fa1 70603->70604 70605 1400b1108 Concurrency::cancel_current_task 2 API calls 
70604->70605 70606 140063fb4 70605->70606 70673 140030090 70606->70673 70608 140063fc4 70609 140030090 41 API calls 70608->70609 70610 140063fd6 70609->70610 70611 140030090 41 API calls 70610->70611 70612 140063fe6 70611->70612 70613 140030090 41 API calls 70612->70613 70614 14006400e 70613->70614 70615 14002ef40 RtlPcToFileHeader RaiseException 70614->70615 70616 140064020 70615->70616 70617 140030090 41 API calls 70616->70617 70618 140064036 70617->70618 70619 14002ef40 RtlPcToFileHeader RaiseException 70618->70619 70620 140064048 70619->70620 70621 14002f540 41 API calls 70620->70621 70622 14006409a 70621->70622 70623 14002f3d0 41 API calls 70622->70623 70624 1400640ab 70623->70624 70625 14002f840 41 API calls 70624->70625 70626 1400645a5 70625->70626 70627 140037170 41 API calls 70626->70627 70628 1400647ae 70627->70628 70629 14007a8f0 104 API calls 70628->70629 70630 1400647e0 70629->70630 70631 140042210 66 API calls 70630->70631 70632 140064aad 70631->70632 70633 140046470 41 API calls 70632->70633 70634 140064ae9 70633->70634 70635 140030830 47 API calls 70634->70635 70643 1400654d9 70634->70643 70636 140064b05 70635->70636 70637 1400655f6 70636->70637 70636->70643 70638 14002ef40 RtlPcToFileHeader RaiseException 70637->70638 70639 1400655fb 70638->70639 70640 140030100 41 API calls 70639->70640 70641 140065618 70640->70641 70642 140030090 41 API calls 70641->70642 70645 14006562f 70642->70645 70644 1400adf40 _Strxfrm IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 70643->70644 70646 1400655c7 70644->70646 70648 14002f560 70647->70648 70679 140036ef0 70648->70679 70650 14002f5ea 70651 14002f3d0 70650->70651 70652 14002f400 70651->70652 70694 1400bb41c 70652->70694 70654 14002f497 70662 140066030 70654->70662 70655 14002f40c __std_fs_convert_wide_to_narrow 70655->70654 70656 14002f4e4 70655->70656 70697 140041d90 70655->70697 70704 14002f010 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 70656->70704 
70660 14002f470 __std_fs_convert_wide_to_narrow 70660->70654 70703 14002f010 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 70660->70703 70663 140066056 70662->70663 70724 140067620 70663->70724 70665 140063b59 70666 14007b1f0 70665->70666 70730 14007a8f0 70666->70730 70670 14007b24a 70671 1400adf40 _Strxfrm 4 API calls 70670->70671 70672 14007b2cd 70671->70672 70672->70600 70674 1400300a9 70673->70674 71042 14002fa40 41 API calls _Receive_impl 70674->71042 70676 1400300e0 70677 1400b1108 Concurrency::cancel_current_task 2 API calls 70676->70677 70678 1400300f1 70677->70678 70680 140037011 70679->70680 70684 140036f16 70679->70684 70693 14002d970 41 API calls 70680->70693 70681 140036f29 ctype 70681->70650 70683 140036f63 70685 14003700c 70683->70685 70688 140036faa 70683->70688 70684->70681 70684->70683 70684->70685 70687 140036fc5 70684->70687 70692 14002d8b0 41 API calls 2 library calls 70685->70692 70690 1400ae200 std::_Facet_Register 41 API calls 70687->70690 70691 140036fb2 ctype 70687->70691 70689 1400ae200 std::_Facet_Register 41 API calls 70688->70689 70689->70691 70690->70691 70691->70650 70692->70680 70705 1400a5e00 70694->70705 70696 1400bb425 __std_fs_code_page 70696->70655 70698 140041da5 70697->70698 70699 140041dbb 70697->70699 70698->70660 70702 140041dd5 memcpy_s 70699->70702 70710 140047ab0 70699->70710 70701 140041e21 70701->70660 70702->70660 70706 140099b94 _Getctype 38 API calls 70705->70706 70707 1400a5e09 70706->70707 70708 14009be1c _Getctype 38 API calls 70707->70708 70709 1400a5e22 70708->70709 70709->70696 70711 140047c42 70710->70711 70712 140047ade 70710->70712 70722 14002d970 41 API calls 70711->70722 70715 140047b48 70712->70715 70716 140047b74 70712->70716 70714 140047c47 70723 14002d8b0 41 API calls 2 library calls 70714->70723 70715->70714 70717 140047b55 70715->70717 70718 1400ae200 std::_Facet_Register 41 API calls 70716->70718 70721 140047b5d memcpy_s ctype _Receive_impl 70716->70721 70720 1400ae200 
std::_Facet_Register 41 API calls 70717->70720 70718->70721 70720->70721 70721->70701 70723->70721 70725 1400676e5 70724->70725 70728 140067650 ctype 70724->70728 70729 14006b7f0 41 API calls 4 library calls 70725->70729 70727 1400676fa 70727->70665 70728->70665 70729->70727 70731 1400308d0 44 API calls 70730->70731 70732 14007a941 70731->70732 70733 14007b02e 70732->70733 70737 14007a97d memcpy_s 70732->70737 70734 14007b06c 70733->70734 70786 14007afde 70733->70786 70829 140030100 41 API calls Concurrency::cancel_current_task 70734->70829 70736 1400adf40 _Strxfrm 4 API calls 70738 14007b050 70736->70738 70739 140089550 78 API calls 70737->70739 70737->70786 70738->70670 70787 1400443f0 70738->70787 70740 14007a9a8 70739->70740 70741 14007a9e4 70740->70741 70742 14007ae29 70740->70742 70822 140085720 24 API calls 2 library calls 70741->70822 70792 140056b90 70742->70792 70748 14007b082 70830 14002ed90 41 API calls 70748->70830 70749 14007a9f6 70823 140085920 50 API calls 7 library calls 70749->70823 70750 14007ae57 70758 140056b90 64 API calls 70750->70758 70753 14007aa07 70755 14007ab0a GetFileSize 70753->70755 70756 14007aa1a 70753->70756 70754 14007b0ae 70757 1400b1108 Concurrency::cancel_current_task 2 API calls 70754->70757 70761 14007ab4b 70755->70761 70765 14007ab26 memcpy_s 70755->70765 70756->70748 70759 14007aa61 _Receive_impl 70756->70759 70769 14007b0bf 70757->70769 70760 14007ae90 70758->70760 70824 1400539a0 40 API calls 70759->70824 70811 1400896f0 70760->70811 70761->70765 70766 140047ab0 41 API calls 70761->70766 70764 14007abb0 SetFilePointer 70767 14007abf7 _fread_nolock 70764->70767 70765->70764 70766->70764 70779 14007ad2b 70767->70779 70781 14007abff 70767->70781 70831 14002ed90 41 API calls 70769->70831 70770 14007af18 70827 140054200 40 API calls 70770->70827 70772 14007af21 70772->70769 70774 14007af53 70772->70774 70828 1400539a0 40 API calls 70774->70828 70776 14007ad80 _Receive_impl 70826 1400539a0 40 API calls 70776->70826 70777 
1400471b6 72026->72027 72028 1400471e2 72026->72028 72029 1400471c3 72027->72029 72030 14004726e 72027->72030 72032 1400ae200 std::_Facet_Register 41 API calls 72028->72032 72034 1400471cb ctype _Receive_impl 72028->72034 72031 1400ae200 std::_Facet_Register 41 API calls 72029->72031 72035 14002d8b0 41 API calls 2 library calls 72030->72035 72031->72034 72032->72034 72035->72034 72036 140099758 72037 1400995bc _fread_nolock 38 API calls 72036->72037 72038 140099777 72037->72038 72039 1400997b5 72038->72039 72040 14009977e 72038->72040 72058 1400996dc 38 API calls _fread_nolock 72038->72058 72039->72040 72042 1400997f5 72039->72042 72059 14009e2ac 38 API calls 2 library calls 72039->72059 72047 1400995e4 72042->72047 72045 1400997e9 72045->72042 72060 14009e988 8 API calls 2 library calls 72045->72060 72048 1400995bc _fread_nolock 38 API calls 72047->72048 72049 140099609 72048->72049 72050 1400996a9 72049->72050 72051 140099618 72049->72051 72070 14009cad4 38 API calls 2 library calls 72050->72070 72052 140099636 72051->72052 72056 140099654 72051->72056 72069 14009cad4 38 API calls 2 library calls 72052->72069 72055 140099644 72055->72040 72056->72055 72061 14009f5dc 72056->72061 72058->72039 72059->72045 72060->72042 72062 14009f60c 72061->72062 72071 14009f408 72062->72071 72064 14009f625 72065 14009f64b 72064->72065 72080 14008f918 38 API calls 3 library calls 72064->72080 72066 14009f660 72065->72066 72081 14008f918 38 API calls 3 library calls 72065->72081 72066->72055 72069->72055 72070->72055 72072 14009f451 72071->72072 72079 14009f435 72071->72079 72073 14009f4df 72072->72073 72075 14009f489 72072->72075 72087 140091888 38 API calls _invalid_parameter_noinfo 72073->72087 72076 1400a49b8 _fread_nolock EnterCriticalSection 72075->72076 72077 14009f490 72076->72077 72077->72079 72082 14009f530 72077->72082 72079->72064 72080->72065 72081->72066 72088 1400a4cc4 72082->72088 72085 14009f56e SetFilePointerEx 72086 14009f55d __std_fs_convert_wide_to_narrow 
_fread_nolock 72085->72086 72086->72079 72087->72079 72089 1400a4ccd 72088->72089 72091 1400a4ce2 72088->72091 72100 140095dfc 8 API calls _set_errno_from_matherr 72089->72100 72096 14009f557 72091->72096 72102 140095dfc 8 API calls _set_errno_from_matherr 72091->72102 72092 1400a4cd2 72101 140095e1c 8 API calls _set_errno_from_matherr 72092->72101 72095 1400a4d1d 72103 140095e1c 8 API calls _set_errno_from_matherr 72095->72103 72096->72085 72096->72086 72098 1400a4d25 72104 140091958 38 API calls _invalid_parameter_noinfo 72098->72104 72100->72092 72101->72096 72102->72095 72103->72098 72104->72096 72105 140088578 72106 14008859e 72105->72106 72125 140088589 72105->72125 72107 1400885a7 72106->72107 72121 14008874b 72106->72121 72109 140041d90 41 API calls 72107->72109 72122 140088601 72107->72122 72108 1400887f7 72112 140088f60 43 API calls 72108->72112 72109->72122 72110 1400adf40 _Strxfrm 4 API calls 72111 140088e0b 72110->72111 72113 140088810 72112->72113 72117 140088520 4 API calls 72113->72117 72114 140088f60 43 API calls 72114->72121 72115 1400886c0 72116 140088f60 43 API calls 72115->72116 72119 1400886f2 72116->72119 72117->72125 72118 140088f60 43 API calls 72118->72122 72123 140088520 4 API calls 72119->72123 72120 140088520 4 API calls 72120->72121 72121->72108 72121->72114 72121->72120 72122->72115 72122->72118 72124 140088520 4 API calls 72122->72124 72123->72125 72124->72122 72125->72110

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                            • String ID:
                                            • API String ID: 3214587331-3916222277
                                            • Opcode ID: 8507eae6e127520d5fd2d5e599d7727f0d7f940a95fba6922d6dc85d00d11c1d
                                            • Instruction ID: 7acbdb5b1728fdebe35a056424210b53f97045402e049f6f50554125dd802b88
                                            • Opcode Fuzzy Hash: 8507eae6e127520d5fd2d5e599d7727f0d7f940a95fba6922d6dc85d00d11c1d
                                            • Instruction Fuzzy Hash: F9B13E32208BC086E761DB22E8547DEB7A5FBD9BC0F408515EA8E43B69DF7CC1858B50

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                            • String ID:
                                            • API String ID: 2398595512-0
                                            • Opcode ID: bfb389c9a219f6e3a5f4b256f69d65311ef631e076c0c695385b0534e1d94cbf
                                            • Instruction ID: e43cbf2889c881592d797453b3e83a27f85f85a0e1f4208ea948725584557cef
                                            • Opcode Fuzzy Hash: bfb389c9a219f6e3a5f4b256f69d65311ef631e076c0c695385b0534e1d94cbf
                                            • Instruction Fuzzy Hash: A5918F31604E0147E7768F6BA8147AA26A0EB9D7F4F544314FBBA47BF4DBB8CA058700
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Name$ComputerCurrentDevicesDisplayEnumFileGlobalMemoryModuleProfileStatusUserValuewcsftime
                                            • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                            • API String ID: 4154315062-1182675529
                                            • Opcode ID: e2add8a9b6dc879c2399997afe7a11ec08e9ac9fd2808bc2de6f960079b52043
                                            • Instruction ID: 81603b826d2a0a0d7b23b5cd3d8acb831499e8318948b933adb4b2440ebc7b43
                                            • Opcode Fuzzy Hash: e2add8a9b6dc879c2399997afe7a11ec08e9ac9fd2808bc2de6f960079b52043
                                            • Instruction Fuzzy Hash: FE035B73614BC589EB228F65D8803DD37A1F799788F509216EB9D17BAAEF74C284C700

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: AddressProc$Library$FreeLoad
                                            • String ID: cannot use push_back() with $system$vault
                                            • API String ID: 2449869053-1741236777
                                            • Opcode ID: fc1c4ef483ef86d24e2d3782b80fc56eaf6377bdc0ca023e7ec5893cc03d9ada
                                            • Instruction ID: 8ce8de93697553b4eeb946b80e2a49e7aa0d382d9d6c57aa8f8402b38374bf21
                                            • Opcode Fuzzy Hash: fc1c4ef483ef86d24e2d3782b80fc56eaf6377bdc0ca023e7ec5893cc03d9ada
                                            • Instruction Fuzzy Hash: 92924D32605BC48AEB628F2AE8443DE77B4F789798F504215EB9C57BA9EF34C654C700

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
                                            • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                            • API String ID: 470559343-3768118664
                                            • Opcode ID: 27d7f94316964863325b27f389168ecd7c90451abd8ed8b0671e222d8601362b
                                            • Instruction ID: 9b187cf00e7220f93e114ed37885140c84941edb2b52332920d67cea5f3d9ee1
                                            • Opcode Fuzzy Hash: 27d7f94316964863325b27f389168ecd7c90451abd8ed8b0671e222d8601362b
                                            • Instruction Fuzzy Hash: 20B17C72258B8481FA22AB66E4453DEA361FB8DBD0F504615FB9D43AFADF7CC1818700

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                            • API String ID: 355007559-239921721
                                            • Opcode ID: 698478b1b6a5c3b2bc9f12d9f458d4d9d17b33579bfc92f55f84ff21dc36e5c8
                                            • Instruction ID: 5f9a1437c7f8d517a1c1ecab5cd7933d90f0a7c4f415f6426a54c213b5c2d337
                                            • Opcode Fuzzy Hash: 698478b1b6a5c3b2bc9f12d9f458d4d9d17b33579bfc92f55f84ff21dc36e5c8
                                            • Instruction Fuzzy Hash: 78D1927670064086EB26EF2BD8917E96761F7ACBD4F448235FF49476A5EB38C481CB40

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskCriticalEnterFileHandleReadSection
                                            • String ID:
                                            • API String ID: 2604747929-0
                                            • Opcode ID: fc8e716130ba1c2eaac3aa80c3733a8122ffad3a7fe1aabccc742a6cd15a0ec3
                                            • Instruction ID: 1dbb50cf0e822a0a1ee51d8925ea7e92eca3ec5a1efa77562424804ef6e08756
                                            • Opcode Fuzzy Hash: fc8e716130ba1c2eaac3aa80c3733a8122ffad3a7fe1aabccc742a6cd15a0ec3
                                            • Instruction Fuzzy Hash: 64026A32A24B9489FB41CB66E8407DD77B4F788B98F105215EF8D57BA9EB78C190C740

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: File$PointerReadSize
                                            • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                            • API String ID: 404940565-15404121
                                            • Opcode ID: 60ae549cd09654dd77f6d63a7e445a6d39d7dc781ab6ffb3b1b573d33629ef86
                                            • Instruction ID: 6e7277c2f2bf3e65c043dad3a6f9a30a4daf752c77f676818b4faf36ced6b71b
                                            • Opcode Fuzzy Hash: 60ae549cd09654dd77f6d63a7e445a6d39d7dc781ab6ffb3b1b573d33629ef86
                                            • Instruction Fuzzy Hash: AC32F832610BC489EB21CF29D8907DD37A1F789788F448226EB9D57BA9EF78C644C740

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            • Opcode ID: 427383641610129416f573c26b965a5f8a43f8b4abaa2b5a5e0b46760301a0eb
                                            • Instruction ID: 28e3d62006f04d764d18e357617f00b682677e3e14f1594278f1befba5bee7e6
                                            • Opcode Fuzzy Hash: 427383641610129416f573c26b965a5f8a43f8b4abaa2b5a5e0b46760301a0eb
                                            • Instruction Fuzzy Hash: 45C1BE3221868596EB63AB2784443FE7BA0F789BC4F454205FB4A077F6DB79C964D700

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                            • API String ID: 3458911817-239921721
                                            • Opcode ID: 0ae11ad46cd81f6c93aaa0b28e02eb80d6f50b1472f3390bab8a3a525c7da756
                                            • Instruction ID: e537b2c3748d4322202140d7b937f7a2868f3844b4be761c317a2bdade9b3c28
                                            • Opcode Fuzzy Hash: 0ae11ad46cd81f6c93aaa0b28e02eb80d6f50b1472f3390bab8a3a525c7da756
                                            • Instruction Fuzzy Hash: E8516D3671064086F722EF27E9917DA7761F79CBC4F444226BB4947AB6EB38C581CB40

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: FileFind$FirstNext
                                            • String ID: content$exists$filename
                                            • API String ID: 1690352074-1949714836
                                            • Opcode ID: 842a16ec2cc265db877fe287da46744b050d55632ce7bc0ab0c3224e999598cb
                                            • Instruction ID: c5a4031df7cb2cac97028a6fb0f62d4e23affc364100a5da7bf483d348cfcbcb
                                            • Opcode Fuzzy Hash: 842a16ec2cc265db877fe287da46744b050d55632ce7bc0ab0c3224e999598cb
                                            • Instruction Fuzzy Hash: EE623D72218BC495EB22DB26E4843DEB361F7897D4F405226EB9D47AB9DF78C584CB00

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 1405656091-0
                                            • Opcode ID: c344a62bfee50d7b7fbbc143855967662656a4f3c5d66f4e064aeb2ebf8cc7c4
                                            • Instruction ID: 6851f70fb8c59bf304261e9a75d5106a6c2d977e829eda7b7fe21ff05f12678d
                                            • Opcode Fuzzy Hash: c344a62bfee50d7b7fbbc143855967662656a4f3c5d66f4e064aeb2ebf8cc7c4
                                            • Instruction Fuzzy Hash: 8F81C7B27003458BEB699F6AC9513EC27A5E758BC8F449125FF098B7A9EB38D541CB00

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: __std_exception_destroy
                                            • String ID: value
                                            • API String ID: 2453523683-494360628
                                            • Opcode ID: 4180194a8f72ce03a4426ffaf4264c672f8da8c9f32f2015f9558bc1c3083e86
                                            • Instruction ID: 2621742d02532884c3c62fb704f9cbaf3c811e7d5093b1875ff6d8ddd0068dcc
                                            • Opcode Fuzzy Hash: 4180194a8f72ce03a4426ffaf4264c672f8da8c9f32f2015f9558bc1c3083e86
                                            • Instruction Fuzzy Hash: 10026B73624BC085EB028B7AD4403DE6761F79A7E4F505212FBAE47AEADB78C185C740
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                            • String ID: [PID:
                                            • API String ID: 420147892-2210602247
                                            • Opcode ID: e8760c4122b5e206d13a60dd8bb374aff66f33b366b5263b0fe5acfbe14def08
                                            • Instruction ID: d5bd4b332294735c4a4318e86d028a2b98b82f15b1953de4464851af110fdf6b
                                            • Opcode Fuzzy Hash: e8760c4122b5e206d13a60dd8bb374aff66f33b366b5263b0fe5acfbe14def08
                                            • Instruction Fuzzy Hash: 0BE16C72214BC086EB26DF26E8903DE7765F7897A8F504215EB9D07AE9DF78C285C700
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: recv$Cleanupclosesocket
                                            • String ID:
                                            • API String ID: 146070474-0
                                            • Opcode ID: 9bf1adc63f5191077d9431a5a3bc39b484351e088680c12ae9aeaad8ae1ee760
                                            • Instruction ID: c201989313ac52d89c996de4872a965f228b5b157725633adba4060b4a065da8
                                            • Opcode Fuzzy Hash: 9bf1adc63f5191077d9431a5a3bc39b484351e088680c12ae9aeaad8ae1ee760
                                            • Instruction Fuzzy Hash: 89128073618BC481EB229B26E4543DAA761F79D7D0F504612EBAD43AFADF78C180CB10
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                            • String ID:
                                            • API String ID: 2349140579-0
                                            • Opcode ID: fbf7b0cc3bc22610d5552f091d41485e4fe28e08ce852d67ae269c7227012baa
                                            • Instruction ID: 0b6256a4ccffb7d8118ccf1aa076f4c82f8cc2a9e2f4d9c68c669bcde3123048
                                            • Opcode Fuzzy Hash: fbf7b0cc3bc22610d5552f091d41485e4fe28e08ce852d67ae269c7227012baa
                                            • Instruction Fuzzy Hash: 8A212A32218B8086E621CB12E44079AB7A4FB8DBD0F959126FBCE47B68DF78C5418B40
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: InformationTimeZone
                                            • String ID: [UTC
                                            • API String ID: 565725191-1715286942
                                            • Opcode ID: cbcfeccc56f0404e1d7aa4c25a4bf5f24f5c1e198b83cc6711815d20937e9379
                                            • Instruction ID: 108d166495ca799403ef54c779e24d2b383bbe75e95818d2f86b3665d95b3fdd
                                            • Opcode Fuzzy Hash: cbcfeccc56f0404e1d7aa4c25a4bf5f24f5c1e198b83cc6711815d20937e9379
                                            • Instruction Fuzzy Hash: 0291E532629FC48AD7918F29E88179EB3B4F399784F106219FE9D57B19EB34C254C740
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: CryptDataFreeLocalUnprotect
                                            • String ID:
                                            • API String ID: 1561624719-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: DriveLogicalStrings
                                            • String ID:
                                            • API String ID: 2022863570-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: NameUser
                                            • String ID:
                                            • API String ID: 2645101109-0

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                            • String ID: &
                                            • API String ID: 1703174404-3042966939

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                            • String ID: geo$system
                                            • API String ID: 213021568-2364779556

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                            • String ID:
                                            • API String ID: 1330151763-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                            • String ID:
                                            • API String ID: 4268643673-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Cleanupclosesocketrecv
                                            • String ID:
                                            • API String ID: 3447645871-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo$_local_unwind
                                            • String ID:
                                            • API String ID: 1677304287-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Info$User
                                            • String ID:
                                            • API String ID: 2017065092-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ProcessToken$CurrentInformationOpen
                                            • String ID:
                                            • API String ID: 2743777493-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task
                                            • String ID: cannot use operator[] with a numeric argument with
                                            • API String ID: 118556049-485864652
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: First$CloseCreateCredDriveEnumerateFileFindHandleLogicalMutexProcess32ReleaseSnapshotStringsToolhelp32
                                            • String ID:
                                            • API String ID: 1242419452-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: CloseDriveFileFindFirstHandleLogicalMutexReleaseStrings
                                            • String ID:
                                            • API String ID: 3179890297-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: FolderFreeKnownPathTask
                                            • String ID:
                                            • API String ID: 969438705-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ErrorFileLastPointer
                                            • String ID:
                                            • API String ID: 2976181284-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                            • String ID:
                                            • API String ID: 1173176844-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 485612231-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task
                                            • String ID:
                                            • API String ID: 118556049-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task
                                            • String ID:
                                            • API String ID: 118556049-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: __std_fs_directory_iterator_open
                                            • String ID:
                                            • API String ID: 4007087469-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: InformationVolume__std_fs_get_current_path
                                            • String ID:
                                            • API String ID: 155845060-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: HandleModule$AddressFreeLibraryProc
                                            • String ID:
                                            • API String ID: 3947729631-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: FileFindNext
                                            • String ID:
                                            • API String ID: 2029273394-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: FileFindNext
                                            • String ID:
                                            • API String ID: 2029273394-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: InfoNativeSystem
                                            • String ID:
                                            • API String ID: 1721193555-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: AllocHeap
                                            • String ID:
                                            • API String ID: 4292702814-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
                                            • String ID: aaa$bbb$ccc
                                            • API String ID: 1424456515-3079797815
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Initialize$Security
                                            • String ID: @
                                            • API String ID: 119290355-2766056989
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Handle$Query$CloseInformationProcessSystem$AddressCriticalCurrentEnterFinalModuleNameObjectOpenPathProcSection
                                            • String ID: File$NtDuplicateObject$ntdll.dll
                                            • API String ID: 2066483518-3955674919
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: CriticalEnterExecuteSectionShell
                                            • String ID: .exe$.exe$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas$temp_directory_path
                                            • API String ID: 4038919937-3845196099
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ErrorLastNameTranslate$CodePageValidValue
                                            • String ID: utf8
                                            • API String ID: 1791977518-905460609
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                            • String ID:
                                            • API String ID: 2591520935-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: __std_exception_destroy
                                            • String ID: value
                                            • API String ID: 2453523683-494360628
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                            • String ID:
                                            • API String ID: 1239891234-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: memcpy_s
                                            • String ID:
                                            • API String ID: 1502251526-3916222277
                                            APIs
                                            Strings
                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00000001400BD763
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: DebugDebuggerErrorLastOutputPresentString
                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                            • API String ID: 389471666-631824599
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Virtual$AllocInfoProtectQuerySystem
                                            • String ID:
                                            • API String ID: 3562403962-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: __std_exception_copy
                                            • String ID: parse_error$value
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: FormatInfoLocaleMessage
                                            • String ID: !x-sys-default-locale
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                            • String ID:
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID: GetLocaleInfoEx
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: CryptDataFreeLocalUnprotect
                                            • String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: CryptDataFreeLocalProtect
                                            • String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ErrorLastValue$InfoLocale
                                            • String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ErrorLast$EnumLocalesSystemValue
                                            • String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ErrorLast$InfoLocaleValue
                                            • String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ErrorLast$EnumLocalesSystemValue
                                            • String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: EnumLocalesSystem
                                            • String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: HeapProcess
                                            • String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: CloseHandle$Token$Process32$InformationNextOpenProcess$ConvertCreateDuplicateErrorFirstLastSnapshotStringToolhelp32_invalid_parameter_noinfo
                                            • String ID:
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID: 0$0$0$0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: No closed word$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                            • String ID: bad locale name$false$true
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Session$ListProcess$CriticalCurrentEnterRegisterResourcesSectionStart
                                            • String ID:
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID: 0$f$p$p
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: AddressFreeLibraryProc
                                            • String ID: api-ms-$ext-ms-
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Internet$CloseFileHandleOpenRead
                                            • String ID: File Downloader
                                            • API String ID: 4038090926-3631955488
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Value$ErrorLast
                                            • String ID:
                                            • API String ID: 2506987500-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                            • String ID: CONOUT$
                                            • API String ID: 3230265001-3130406586
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$CompareInfoString
                                            • String ID:
                                            • API String ID: 2984826149-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ImpersonateLoggedRevertSelfUser
                                            • String ID: APPB
                                            • API String ID: 1724704203-1278849820
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiStringWide
                                            • String ID:
                                            • API String ID: 2829165498-0
                                            APIs
                                            • GetLastError.KERNEL32 ref: 0000000140099D1B
                                            • FlsSetValue.KERNEL32(?,?,8000000000000000,0000000140095E25,?,?,?,?,000000014009CF40), ref: 0000000140099D51
                                            • FlsSetValue.KERNEL32(?,?,8000000000000000,0000000140095E25,?,?,?,?,000000014009CF40), ref: 0000000140099D7E
                                            • FlsSetValue.KERNEL32(?,?,8000000000000000,0000000140095E25,?,?,?,?,000000014009CF40), ref: 0000000140099D8F
                                            • FlsSetValue.KERNEL32(?,?,8000000000000000,0000000140095E25,?,?,?,?,000000014009CF40), ref: 0000000140099DA0
                                            • SetLastError.KERNEL32 ref: 0000000140099DBB
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Value$ErrorLast
                                            • String ID:
                                            • API String ID: 2506987500-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ApisFile__std_exception_destroy__std_fs_code_page
                                            • String ID: ", "$: "
                                            • API String ID: 376971205-747220369
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _set_statfp
                                            • String ID:
                                            • API String ID: 1156100317-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _set_statfp
                                            • String ID:
                                            • API String ID: 1156100317-0
                                            APIs
                                            • FlsGetValue.KERNEL32(?,?,?,0000000140091617,?,?,00000000,00000001400918B2,?,?,?,?,8000000000000000,000000014009183E), ref: 0000000140099DF3
                                            • FlsSetValue.KERNEL32(?,?,?,0000000140091617,?,?,00000000,00000001400918B2,?,?,?,?,8000000000000000,000000014009183E), ref: 0000000140099E12
                                            • FlsSetValue.KERNEL32(?,?,?,0000000140091617,?,?,00000000,00000001400918B2,?,?,?,?,8000000000000000,000000014009183E), ref: 0000000140099E3A
                                            • FlsSetValue.KERNEL32(?,?,?,0000000140091617,?,?,00000000,00000001400918B2,?,?,?,?,8000000000000000,000000014009183E), ref: 0000000140099E4B
                                            • FlsSetValue.KERNEL32(?,?,?,0000000140091617,?,?,00000000,00000001400918B2,?,?,?,?,8000000000000000,000000014009183E), ref: 0000000140099E5C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Value
                                            • String ID:
                                            • API String ID: 3702945584-0
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                            • API String ID: 3215553584-1196891531
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                                            • String ID: bad locale name
                                            • API String ID: 1287851536-1405518554
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: __std_exception_destroy
                                            • String ID: at line $, column
                                            • API String ID: 2453523683-191570568
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                            • String ID: bad locale name
                                            • API String ID: 1612978173-1405518554
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID: ?
                                            • API String ID: 71445658-1684325040
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                            • String ID:
                                            • API String ID: 2718003287-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: ConsoleErrorLastMode
                                            • String ID:
                                            • API String ID: 953036326-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo$_get_daylight
                                            • String ID:
                                            • API String ID: 72036449-0
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.2248774869.0000000140000000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_2_2_140000000_attrib.jbxd
                                            Similarity
                                            • API ID: EnvironmentInitStringStringsUnicode$Free
                                            • String ID:
                                            • API String ID: 2488768755-0
                                            APIs
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                            • String ID:
                                            • API String ID: 3698853521-0
                                            APIs
                                            Similarity
                                            • API ID: _invalid_parameter_noinfo
                                            • String ID:
                                            • API String ID: 3215553584-0
                                            APIs
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                            • String ID:
                                            • API String ID: 1168246061-0
                                            APIs
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                            • String ID:
                                            • API String ID: 1168246061-0
                                            APIs
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Locinfo::_Locinfo_ctorRegister
                                            • String ID:
                                            • API String ID: 4181401918-0
                                            APIs
                                            Similarity
                                            • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                            • String ID:
                                            • API String ID: 1168246061-0
                                            APIs
                                            Similarity
                                            • API ID: ByteCharErrorLastMultiWide
                                            • String ID:
                                            • API String ID: 203985260-0
                                            APIs
                                            Similarity
                                            • API ID: AttributesCloseErrorFileHandleLast__std_fs_open_handle
                                            • String ID:
                                            • API String ID: 833716960-0
                                            APIs
                                            Similarity
                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                            • String ID:
                                            • API String ID: 2933794660-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: [json.exception.
                                            • API String ID: 0-791563284
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                            • String ID: bad locale name
                                            • API String ID: 3988782225-1405518554
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                            • String ID: bad locale name
                                            • API String ID: 3988782225-1405518554
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                            • String ID: ?
                                            • API String ID: 1286766494-1684325040
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: ErrorFileLastWrite
                                            • String ID: U
                                            • API String ID: 442123175-4171548499
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _set_errno_from_matherr
                                            • String ID: exp
                                            • API String ID: 1187470696-113136155
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: Value
                                            • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                            • API String ID: 3702945584-1787575317
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: ExceptionFileHeaderRaise
                                            • String ID: csm
                                            • API String ID: 2573137834-1018135373