Windows Analysis Report
yk2Eh24FDd.exe

Overview

General Information

Sample Name: yk2Eh24FDd.exe
Original Sample Name: a2ceac5a8509a11f58b58a09cf9302f8.exe
Analysis ID: 1317500
MD5: a2ceac5a8509a11f58b58a09cf9302f8
SHA1: 8d22ab1318281f5d39ad895013009f3cf06b18cc
SHA256: c6845e9f37437ffd4ee1bb170b696fcdc80f5c9c1fb1be3b75d0c48b87423b82
Tags: exe, RedLineStealer

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Potentially malicious time measurement code found
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Contains functionality for execution timing, often used to detect debuggers
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Tries to load missing DLLs
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • yk2Eh24FDd.exe (PID: 7272 cmdline: C:\Users\user\Desktop\yk2Eh24FDd.exe MD5: A2CEAC5A8509A11F58B58A09CF9302F8)
    • conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • yk2Eh24FDd.exe (PID: 7332 cmdline: C:\Users\user\Desktop\yk2Eh24FDd.exe MD5: A2CEAC5A8509A11F58B58A09CF9302F8)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: yk2Eh24FDd.exe, ReversingLabs: Detection: 50%
Source: yk2Eh24FDd.exe, Virustotal: Detection: 34%
Source: yk2Eh24FDd.exe, Avira: detected
Source: https://garchieve.cloud/ds.exe, Avira URL Cloud: Label: malware
Source: https://garchieve.cloud/ds.exe, Virustotal: Detection: 13%
Source: yk2Eh24FDd.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe, Code function: 0_2_00007FF69C796878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF69C796878
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe, Code function: 0_2_00007FF69C7869E0 FindFirstFileExW,FindClose,0_2_00007FF69C7869E0
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe, Code function: 0_2_00007FF69C7A0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF69C7A0A34
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe, Code function: 2_2_00007FF69C796878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF69C796878
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe, Code function: 2_2_00007FF69C7869E0 FindFirstFileExW,FindClose,2_2_00007FF69C7869E0
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe, Code function: 2_2_00007FF69C7A0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF69C7A0A34
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe, Code function: 2_2_00007FFA0491322E _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFA0491322E
Source: unknown, Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49802
Source: yk2Eh24FDd.exe, 00000002.00000003.892908963.0000013B37883000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892589388.0000013B37883000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896023167.0000013B37887000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893452382.0000013B37887000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: yk2Eh24FDd.exe, 00000002.00000003.892617996.0000013B3745A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B37453000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895810250.0000013B3745E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: yk2Eh24FDd.exe, 00000000.00000003.886479467.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886179230.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886649275.000001951DDC4000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886859642.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886405995.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886433756.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887152113.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887418775.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886312865.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886375758.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887476124.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886453527.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: yk2Eh24FDd.exe, 00000000.00000003.886479467.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886179230.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886649275.000001951DDC4000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886859642.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886405995.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886433756.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887152113.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887418775.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886312865.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886375758.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887476124.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886453527.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886649275.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887476124.000001951DDC5000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: yk2Eh24FDd.exe, 00000000.00000003.886479467.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886179230.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886859642.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886405995.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886433756.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887152113.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887418775.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886312865.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886375758.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887476124.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886453527.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886649275.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887476124.000001951DDC5000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: yk2Eh24FDd.exe, 00000000.00000003.886479467.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886179230.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886649275.000001951DDC4000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886859642.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886405995.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886433756.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887152113.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887418775.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886312865.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886375758.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887476124.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886453527.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886649275.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37833000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892643427.0000013B37844000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892778385.0000013B37846000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892638944.0000013B3783C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892778385.0000013B3783F000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892717778.0000013B3784A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: yk2Eh24FDd.exe, 00000002.00000002.896085621.0000013B39300000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: yk2Eh24FDd.exe, 00000002.00000003.892908963.0000013B37883000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892617996.0000013B3745A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892589388.0000013B37883000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896023167.0000013B37887000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B37453000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895810250.0000013B3745E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893452382.0000013B37887000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B3786B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892908963.0000013B3787A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892610920.0000013B37875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: yk2Eh24FDd.exe, 00000002.00000003.892617996.0000013B3745A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B37453000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895810250.0000013B3745E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B3786B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892908963.0000013B3787A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892610920.0000013B37875000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlT
Source: yk2Eh24FDd.exe, 00000002.00000003.893083179.0000013B373DA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893849955.0000013B373DE000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895731434.0000013B373DE000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894018622.0000013B373DE000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: yk2Eh24FDd.exe, 00000002.00000003.892617996.0000013B3745A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B37453000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895810250.0000013B3745E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: yk2Eh24FDd.exe, 00000002.00000003.893083179.0000013B373DA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893849955.0000013B373DE000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892617996.0000013B3745A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895731434.0000013B373DE000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894018622.0000013B373DE000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B37453000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895810250.0000013B3745E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: yk2Eh24FDd.exe, 00000002.00000003.892725713.0000013B3788E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892622118.0000013B378AF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892589388.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892589388.0000013B37883000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892383084.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892881926.0000013B3788F000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892712510.0000013B3788B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: yk2Eh24FDd.exe, 00000002.00000003.889465811.0000013B373D9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889541607.0000013B37661000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889449341.0000013B373D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: yk2Eh24FDd.exe, 00000000.00000003.886479467.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886179230.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886649275.000001951DDC4000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886859642.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886405995.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886433756.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887152113.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887418775.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886312865.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886375758.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.887476124.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886453527.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: yk2Eh24FDd.exe, 00000002.00000003.893849955.0000013B373C3000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894344049.0000013B373C8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892553194.0000013B378D3000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893659060.0000013B373C1000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37833000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892643427.0000013B37844000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B378C8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893222852.0000013B373AC000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892638944.0000013B3783C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892778385.0000013B3784C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892383084.0000013B378C8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892717778.0000013B3784A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: yk2Eh24FDd.exe, 00000002.00000003.889772947.0000013B3710E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889922237.0000013B3710B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/
Source: yk2Eh24FDd.exe, 00000002.00000003.893284702.0000013B37666000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893155563.0000013B37663000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893473242.0000013B3766D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: yk2Eh24FDd.exe, 00000002.00000003.889465811.0000013B373F2000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889789467.0000013B373DE000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889849551.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889439716.0000013B373EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: yk2Eh24FDd.exe, 00000002.00000003.889541607.0000013B37661000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889449341.0000013B373D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: yk2Eh24FDd.exe, 00000002.00000003.894528719.0000013B3713E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893211247.0000013B3710B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893323163.0000013B3712E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894419408.0000013B3713B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893485455.0000013B37132000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: yk2Eh24FDd.exe, 00000002.00000003.892750726.0000013B37824000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: yk2Eh24FDd.exe, 00000002.00000003.893925729.0000013B373F9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B373E8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892738935.0000013B373E8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B373E7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893237412.0000013B373F8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889849551.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889749049.0000013B37770000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894062474.0000013B373F9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889772947.0000013B370FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: yk2Eh24FDd.exe, 00000002.00000003.893776073.0000013B372FA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889254615.0000013B373E6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893591620.0000013B372FA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894935826.0000013B37308000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893355211.0000013B372F8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889525258.0000013B372CB000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889296788.0000013B372EF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895622372.0000013B37308000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893198286.0000013B372F5000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894733306.0000013B37305000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue42195.
Source: yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893659060.0000013B373C1000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889849551.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893222852.0000013B373AC000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889483136.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: yk2Eh24FDd.exe, 00000002.00000002.896108019.0000013B39400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: yk2Eh24FDd.exe, 00000002.00000002.895834836.0000013B37560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: yk2Eh24FDd.exe, 00000002.00000002.895546316.0000013B37160000.00000004.00001000.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893276339.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896168879.0000013B3951C000.00000004.00001000.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://garchieve.cloud/ds.exe
Source: yk2Eh24FDd.exe, 00000002.00000003.892661370.0000013B3772F000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892407595.0000013B3772A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892541617.0000013B3772E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889763275.0000013B3772A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: yk2Eh24FDd.exe, 00000002.00000003.890078027.0000013B36C07000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893840907.0000013B370A7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888574536.0000013B36C0A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895339453.0000013B36C2C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888990504.0000013B3706C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893341030.0000013B3709E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895447778.0000013B370C0000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894481329.0000013B370B9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893426307.0000013B370A6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893885340.0000013B36C17000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888496108.0000013B36C12000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893305073.0000013B36C10000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893113441.0000013B36C0C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893408334.0000013B36C13000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889838353.0000013B36BFA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892706856.0000013B36C08000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894567627.0000013B370C0000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893902822.0000013B36C29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: yk2Eh24FDd.exe, 00000002.00000002.895344851.0000013B36CB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: yk2Eh24FDd.exe, 00000002.00000003.893902822.0000013B36C29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: yk2Eh24FDd.exe, 00000002.00000003.890078027.0000013B36C07000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893840907.0000013B370A7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888574536.0000013B36C0A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895339453.0000013B36C2C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888990504.0000013B3706C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893341030.0000013B3709E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895447778.0000013B370C0000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894481329.0000013B370B9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893426307.0000013B370A6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893885340.0000013B36C17000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888496108.0000013B36C12000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893305073.0000013B36C10000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893113441.0000013B36C0C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893408334.0000013B36C13000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889838353.0000013B36BFA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892706856.0000013B36C08000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894567627.0000013B370C0000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893902822.0000013B36C29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 
Source: unknown DNS traffic detected: queries for: garchieve.cloud
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe Code function: 2_2_00007FFA04C54458 htons,recv,send, 2_2_00007FFA04C54458
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: yk2Eh24FDd.exe, 00000000.00000003.886479467.000001951DDB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.886179230.000001951DDB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.886859642.000001951DDB9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.886131526.000001951DDB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.886405995.000001951DDB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.886433756.000001951DDB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.887418775.000001951DDB9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.886312865.000001951DDB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.886375758.000001951DDB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.887476124.000001951DDB9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000000.00000003.886453527.000001951DDB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exeBinary or memory string: OriginalFilename vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897703748.00007FFA1BDFE000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897368729.00007FFA19642000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.896983453.00007FFA05227000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897910677.00007FFA256B6000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897143416.00007FFA08A6B000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenamelibsslH vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897293232.00007FFA19625000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897743707.00007FFA1CCF2000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897824196.00007FFA1D4E7000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897636973.00007FFA196A5000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897080903.00007FFA089B5000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.897783697.00007FFA1CDA6000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs yk2Eh24FDd.exe
Source: yk2Eh24FDd.exe, 00000002.00000002.896415046.00007FFA04C58000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs yk2Eh24FDd.exe
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeSection loaded: python3.dllJump to behavior
Source: yk2Eh24FDd.exeReversingLabs: Detection: 50%
Source: yk2Eh24FDd.exeVirustotal: Detection: 34%
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile read: C:\Users\user\Desktop\yk2Eh24FDd.exeJump to behavior
Source: yk2Eh24FDd.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\yk2Eh24FDd.exe C:\Users\user\Desktop\yk2Eh24FDd.exe
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeProcess created: C:\Users\user\Desktop\yk2Eh24FDd.exe C:\Users\user\Desktop\yk2Eh24FDd.exe
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeProcess created: C:\Users\user\Desktop\yk2Eh24FDd.exe C:\Users\user\Desktop\yk2Eh24FDd.exeJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722Jump to behavior
Source: classification engineClassification label: mal76.evad.winEXE@4/18@1/1
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C786670 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF69C786670
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7280:120:WilError_01
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: yk2Eh24FDd.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: yk2Eh24FDd.exeStatic file information: File size 7697557 > 1048576
Source: yk2Eh24FDd.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: yk2Eh24FDd.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: yk2Eh24FDd.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: yk2Eh24FDd.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: yk2Eh24FDd.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: yk2Eh24FDd.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: yk2Eh24FDd.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: yk2Eh24FDd.exe, 00000000.00000003.887418775.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897880706.00007FFA256B3000.00000002.00000001.01000000.00000007.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: yk2Eh24FDd.exe, 00000000.00000003.887476124.000001951DDB9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897007864.00007FFA089B0000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: yk2Eh24FDd.exe, 00000000.00000003.886375758.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897675787.00007FFA1BDF7000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: yk2Eh24FDd.exe, 00000000.00000003.886405995.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897208013.00007FFA1961C000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: yk2Eh24FDd.exe, 00000002.00000002.897124313.00007FFA08A36000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: yk2Eh24FDd.exe, 00000000.00000003.886433756.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897765745.00007FFA1CDA3000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: yk2Eh24FDd.exe, 00000002.00000002.896372074.00007FFA04B5F000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1u 30 May 2023built on: Wed May 31 23:27:41 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: yk2Eh24FDd.exe, 00000002.00000002.896372074.00007FFA04B5F000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: yk2Eh24FDd.exe, 00000000.00000003.886405995.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897208013.00007FFA1961C000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: yk2Eh24FDd.exe, 00000000.00000003.886179230.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897335711.00007FFA1963D000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: yk2Eh24FDd.exe, 00000000.00000003.886131526.000001951DDB5000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897803308.00007FFA1D4E1000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: yk2Eh24FDd.exe, 00000000.00000003.886131526.000001951DDB5000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897803308.00007FFA1D4E1000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: yk2Eh24FDd.exe, 00000000.00000003.886453527.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.897732933.00007FFA1CCE8000.00000002.00000001.01000000.00000006.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: yk2Eh24FDd.exe, 00000002.00000002.896372074.00007FFA04BE1000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: yk2Eh24FDd.exe, 00000002.00000002.896516389.00007FFA04FEB000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: yk2Eh24FDd.exe, 00000002.00000002.897567776.00007FFA1968D000.00000002.00000001.01000000.00000008.sdmp, _ssl.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: yk2Eh24FDd.exe, 00000002.00000002.897124313.00007FFA08A36000.00000002.00000001.01000000.00000009.sdmp
Source: yk2Eh24FDd.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: yk2Eh24FDd.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: yk2Eh24FDd.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: yk2Eh24FDd.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: yk2Eh24FDd.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: yk2Eh24FDd.exeStatic PE information: section name: _RDATA
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: python311.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\select.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72722\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C782F20 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF69C782F20
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72722\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FFA049132FB rdtsc 2_2_00007FFA049132FB
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeAPI coverage: 6.3 %
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C796878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF69C796878
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C7869E0 FindFirstFileExW,FindClose,0_2_00007FF69C7869E0
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C7A0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF69C7A0A34
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FF69C796878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF69C796878
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FF69C7869E0 FindFirstFileExW,FindClose,2_2_00007FF69C7869E0
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FF69C7A0A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF69C7A0A34
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FFA0491322E _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFA0491322E
Source: yk2Eh24FDd.exe, 00000002.00000003.893382331.0000013B37394000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889849551.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895664838.0000013B37395000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893677326.0000013B37395000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893793345.0000013B37395000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889483136.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW|j
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FFA049142462_2_00007FFA04914246
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FFA049157312_2_00007FFA04915731
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C78AA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69C78AA2C
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C7A2620 GetProcessHeap,0_2_00007FF69C7A2620
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FFA049132FB rdtsc 2_2_00007FFA049132FB
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C78A500 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,0_2_00007FF69C78A500
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C78A180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF69C78A180
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C78ABD4 SetUnhandledExceptionFilter,0_2_00007FF69C78ABD4
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 0_2_00007FF69C799C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69C799C44
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FF69C78A500 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,2_2_00007FF69C78A500
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FF69C78AA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF69C78AA2C
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FF69C78A180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF69C78A180
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FF69C78ABD4 SetUnhandledExceptionFilter,2_2_00007FF69C78ABD4
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FF69C799C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF69C799C44
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeCode function: 2_2_00007FFA04915A24 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFA04915A24
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeProcess created: C:\Users\user\Desktop\yk2Eh24FDd.exe C:\Users\user\Desktop\yk2Eh24FDd.exeJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer\md.cp311-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer\md__mypyc.cp311-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\Desktop\yk2Eh24FDd.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\certifi\cacert.pem VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72722\certifi\cacert.pem VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe Code function: 0_2_00007FF69C7A8A30 cpuid 0_2_00007FF69C7A8A30
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe Code function: 0_2_00007FF69C78A910 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF69C78A910
Source: C:\Users\user\Desktop\yk2Eh24FDd.exe Code function: 0_2_00007FF69C7A4EA0 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF69C7A4EA0
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 12 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 DLL Side-Loading | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Source | Detection | Scanner | Label
yk2Eh24FDd.exe | 50% | ReversingLabs | Win64.Spyware.RedLine
yk2Eh24FDd.exe | 35% | Virustotal |
yk2Eh24FDd.exe | 100% | Avira | TR/Dldr.Agent.urxvj
Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\_MEI72722\VCRUNTIME140.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\VCRUNTIME140.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\_bz2.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\_bz2.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\_decimal.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\_decimal.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\_hashlib.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\_hashlib.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\_lzma.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\_lzma.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\_queue.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\_queue.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\_socket.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\_socket.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\_ssl.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\_ssl.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer\md.cp311-win_amd64.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer\md.cp311-win_amd64.pyd | 1% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer\md__mypyc.cp311-win_amd64.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\charset_normalizer\md__mypyc.cp311-win_amd64.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\libcrypto-1_1.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\libcrypto-1_1.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\libssl-1_1.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\libssl-1_1.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\python311.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\python311.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\select.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\select.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI72722\unicodedata.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI72722\unicodedata.pyd | 0% | Virustotal |
No Antivirus matches
Source | Detection | Scanner | Label
garchieve.cloud | 3% | Virustotal |
Source | Detection | Scanner | Label
http://.../back.jpeg | 0% | Avira URL Cloud | safe
https://mahler:8092/site-updates.py | 0% | Avira URL Cloud | safe
http://crl.dhimyotis.com/certignarootca.crl3 | 0% | Avira URL Cloud | safe
http://crl.securetrust.com/SGCA.crl | 0% | Avira URL Cloud | safe
http://crl.dhimyotis.com/certignarootca.crl1 | 0% | Avira URL Cloud | safe
http://crl.dhimyotis.com/certignarootca.crl0 | 0% | Avira URL Cloud | safe
http://crl.dhimyotis.com/certignarootca.crl0 | 0% | Virustotal |
http://crl.dhimyotis.com/certignarootca.crl1 | 0% | Virustotal |
http://crl.securetrust.com/STCA.crl0 | 0% | Avira URL Cloud | safe
http://crl.securetrust.com/SGCA.crl0 | 0% | Avira URL Cloud | safe
http://cacerts.digicert.co | 0% | Avira URL Cloud | safe
http://crl.securetrust.com/SGCA.crl | 0% | Virustotal |
http://crl.dhimyotis.com/certignarootca.crl | 0% | Avira URL Cloud | safe
http://crl.dhimyotis.com/certignarootca.crl3 | 0% | Virustotal |
http://crl.xrampsecurity.com/XGCA.crlY | 0% | Avira URL Cloud | safe
http://crl.securetrust.com/STCA.crlr; | 0% | Avira URL Cloud | safe
http://crl.securetrust.com/SGCA.crl0 | 0% | Virustotal |
http://crl.xrampsecurity.com/XGCA.crl | 0% | Avira URL Cloud | safe
http://cacerts.digicert.co | 0% | Virustotal |
http://crl.securetrust.com/SGCA.crlm | 0% | Avira URL Cloud | safe
https://wwww.certigna.fr/autorites/0m | 0% | Avira URL Cloud | safe
http://crl.xrampsecurity.com/XGCA.crl | 0% | Virustotal |
http://crl.securetrust.com/STCA.crl0 | 0% | Virustotal |
http://ocsp.accv.es0 | 0% | Avira URL Cloud | safe
http://crl.dhimyotis.com/certignarootca.crl | 0% | Virustotal |
https://wwww.certigna.fr/autorites/ | 0% | Avira URL Cloud | safe
https://wwww.certigna.fr/autorites/0m | 0% | Virustotal |
http://www.cl.cam.ac.uk/~mgk25/iso-time.html | 0% | Avira URL Cloud | safe
http://crl.securetrust.com/STCA.crl | 0% | Avira URL Cloud | safe
http://crl.securetrust.com/SGCA.crlm | 0% | Virustotal |
http://crl.securetrust.com/STCA.crlr; | 0% | Virustotal |
http://crl.xrampsecurity.com/XGCA.crl0 | 0% | Avira URL Cloud | safe
http://crl.certigna.fr/certignarootca.crl01 | 0% | Avira URL Cloud | safe
http://www.cl.cam.ac.uk/~mgk25/iso-time.html | 0% | Virustotal |
https://wwww.certigna.fr/autorites/ | 0% | Virustotal |
http://www.accv.es00 | 0% | Avira URL Cloud | safe
https://garchieve.cloud/ds.exe | 100% | Avira URL Cloud | malware
http://crl.xrampsecurity.com/XGCA.crl0 | 0% | Virustotal |
https://foss.heptapod.net/pypy/pypy/-/issues/3539 | 0% | Avira URL Cloud | safe
http://crl.securetrust.com/STCA.crl | 0% | Virustotal |
http://crl.certigna.fr/certignarootca.crl01 | 0% | Virustotal |
https://foss.heptapod.net/pypy/pypy/-/issues/3539 | 0% | Virustotal |
https://garchieve.cloud/ds.exe | 13% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
garchieve.cloud | 185.26.122.81 | true | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://google.com/ | yk2Eh24FDd.exe, 00000002.00000003.893776073.0000013B372FA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893591620.0000013B372FA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893355211.0000013B372F8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893198286.0000013B372F5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://mahler:8092/site-updates.py | yk2Eh24FDd.exe, 00000002.00000003.893083179.0000013B373DA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889849551.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889828900.0000013B37741000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
http://crl.securetrust.com/SGCA.crl | yk2Eh24FDd.exe, 00000002.00000003.894050825.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893211247.0000013B3710B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895487367.0000013B3710D000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894254913.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
http://.../back.jpeg | yk2Eh24FDd.exe, 00000002.00000002.896085621.0000013B3932C000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
https://www.python.org/download/releases/2.3/mro/. | yk2Eh24FDd.exe, 00000002.00000003.888249822.0000013B37092000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888216456.0000013B3706C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888229731.0000013B3706C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888205204.0000013B37092000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895344851.0000013B36C30000.00000004.00001000.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888229731.0000013B37079000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://httpbin.org/post | yk2Eh24FDd.exe, 00000002.00000003.893545870.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894461354.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894808489.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895452271.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893276339.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.dhimyotis.com/certignarootca.crl1 | yk2Eh24FDd.exe, 00000002.00000003.892589388.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892383084.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896037601.0000013B378AD000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892881926.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892630955.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
        http://crl.dhimyotis.com/certignarootca.crl0yk2Eh24FDd.exe, 00000002.00000003.892622118.0000013B378AF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892589388.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892808743.0000013B378B2000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892383084.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896042317.0000013B378C4000.00000004.00000020.00020000.00000000.sdmpfalse
        • 0%, Virustotal, Browse
        • Avira URL Cloud: safe
        unknown
        https://github.com/Ousret/charset_normalizeryk2Eh24FDd.exe, 00000002.00000003.892661370.0000013B3772F000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892407595.0000013B3772A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892541617.0000013B3772E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889763275.0000013B3772A000.00000004.00000020.00020000.00000000.sdmpfalse
          high
          http://www.firmaprofesional.com/cps0yk2Eh24FDd.exe, 00000002.00000003.893849955.0000013B373C3000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894344049.0000013B373C8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892553194.0000013B378D3000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893659060.0000013B373C1000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37833000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892643427.0000013B37844000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B378C8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893222852.0000013B373AC000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892638944.0000013B3783C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892778385.0000013B3784C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892383084.0000013B378C8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892717778.0000013B3784A000.00000004.00000020.00020000.00000000.sdmpfalse
            high
            http://crl.dhimyotis.com/certignarootca.crl3yk2Eh24FDd.exe, 00000002.00000003.892383084.0000013B378A8000.00000004.00000020.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#yk2Eh24FDd.exe, 00000002.00000003.890078027.0000013B36C07000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893840907.0000013B370A7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888574536.0000013B36C0A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895339453.0000013B36C2C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888990504.0000013B3706C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893341030.0000013B3709E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895447778.0000013B370C0000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894481329.0000013B370B9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893426307.0000013B370A6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893885340.0000013B36C17000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888496108.0000013B36C12000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893305073.0000013B36C10000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893113441.0000013B36C0C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893408334.0000013B36C13000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889838353.0000013B36BFA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892706856.0000013B36C08000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894567627.0000013B370C0000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 
00000002.00000003.893902822.0000013B36C29000.00000004.00000020.00020000.00000000.sdmpfalse
              high
              https://github.com/urllib3/urllib3/issues/2920yk2Eh24FDd.exe, 00000002.00000002.895834836.0000013B37560000.00000004.00001000.00020000.00000000.sdmpfalse
                high
                http://crl.securetrust.com/SGCA.crl0yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B373E8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892738935.0000013B373E8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894067228.0000013B3743F000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B373E7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893237412.0000013B373F8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892988561.0000013B377F3000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893646441.0000013B3743D000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893254514.0000013B3743C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B377F3000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894174151.0000013B377F4000.00000004.00000020.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://yahoo.com/yk2Eh24FDd.exe, 00000002.00000002.895457428.0000013B370E6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893332432.0000013B376F5000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893632698.0000013B370E5000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893890780.0000013B370E6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893155563.0000013B376F5000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893368555.0000013B370E3000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893935146.0000013B376FA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893276339.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895876778.0000013B376FB000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894041725.0000013B376FB000.00000004.00000020.00020000.00000000.sdmpfalse
                  high
                  http://crl.securetrust.com/STCA.crl0yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B373E8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892738935.0000013B373E8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894067228.0000013B3743F000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B373E7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893237412.0000013B373F8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893646441.0000013B3743D000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893254514.0000013B3743C000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  unknown
                  https://tools.ietf.org/html/rfc2388#section-4.4yk2Eh24FDd.exe, 00000002.00000003.894503922.0000013B37269000.00000004.00000020.00020000.00000000.sdmpfalse
                    high
                    https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893659060.0000013B373C1000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889849551.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893222852.0000013B373AC000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889483136.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmpfalse
                      high
                      http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6yk2Eh24FDd.exe, 00000002.00000003.893284702.0000013B37666000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893155563.0000013B37663000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893473242.0000013B3766D000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        http://cacerts.digicert.coyk2Eh24FDd.exe, 00000000.00000003.886405995.000001951DDB7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000000.00000003.886312865.000001951DDB7000.00000004.00000020.00020000.00000000.sdmpfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        unknown
                        https://html.spec.whatwg.org/multipage/yk2Eh24FDd.exe, 00000002.00000003.893750726.0000013B376DF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893284702.0000013B376DF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893473242.0000013B376DF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893155563.0000013B376DF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894669082.0000013B376DF000.00000004.00000020.00020000.00000000.sdmpfalse
                          high
                          http://www.quovadisglobal.com/cps0yk2Eh24FDd.exe, 00000002.00000003.892750726.0000013B37824000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37815000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlyk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B3786B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892908963.0000013B3787A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892610920.0000013B37875000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsyk2Eh24FDd.exe, 00000002.00000002.895834836.0000013B37560000.00000004.00001000.00020000.00000000.sdmpfalse
                                high
                                http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0yk2Eh24FDd.exe, 00000002.00000003.892617996.0000013B3745A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B37453000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895810250.0000013B3745E000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963yk2Eh24FDd.exe, 00000002.00000002.895834836.0000013B37560000.00000004.00001000.00020000.00000000.sdmpfalse
                                    high
                                    http://www.iana.org/time-zones/repository/tz-link.htmlyk2Eh24FDd.exe, 00000002.00000003.889465811.0000013B373F2000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889789467.0000013B373DE000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889849551.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889439716.0000013B373EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      https://requests.readthedocs.ioyk2Eh24FDd.exe, 00000002.00000003.893545870.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894461354.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894808489.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895452271.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893276339.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896108019.0000013B39424000.00000004.00001000.00020000.00000000.sdmpfalse
                                        high
                                        https://peps.python.org/pep-0205/yk2Eh24FDd.exe, 00000002.00000002.895372876.0000013B36E70000.00000004.00001000.00020000.00000000.sdmpfalse
                                          high
                                          http://crl.dhimyotis.com/certignarootca.crlyk2Eh24FDd.exe, 00000002.00000003.892622118.0000013B378AF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892589388.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892808743.0000013B378B2000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892383084.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896037601.0000013B378AD000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892881926.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892630955.0000013B378A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • 0%, Virustotal, Browse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://curl.haxx.se/rfc/cookie_spec.htmlyk2Eh24FDd.exe, 00000002.00000003.889749049.0000013B37770000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895834836.0000013B37560000.00000004.00001000.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889772947.0000013B370FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            http://ocsp.accv.esyk2Eh24FDd.exe, 00000002.00000003.892908963.0000013B37883000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892589388.0000013B37883000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896023167.0000013B37887000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893452382.0000013B37887000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37883000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              http://crl.xrampsecurity.com/XGCA.crlYyk2Eh24FDd.exe, 00000002.00000003.894050825.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893211247.0000013B3710B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895487367.0000013B3710D000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894254913.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://repository.swisssign.com/yk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B37833000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892643427.0000013B37844000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892778385.0000013B37846000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892638944.0000013B3783C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892778385.0000013B3783F000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892717778.0000013B3784A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyyk2Eh24FDd.exe, 00000002.00000003.889849551.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896067115.0000013B37A60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  high
                                                  https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688yk2Eh24FDd.exe, 00000002.00000002.895344851.0000013B36CB8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    high
                                                    https://httpbin.org/getyk2Eh24FDd.exe, 00000002.00000002.896085621.0000013B39300000.00000004.00001000.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893378191.0000013B36BF7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894027187.0000013B36BFE000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894174151.0000013B377F4000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892455487.0000013B37775000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      http://crl.securetrust.com/STCA.crlr;yk2Eh24FDd.exe, 00000002.00000003.894050825.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893211247.0000013B3710B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895487367.0000013B3710D000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894254913.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • 0%, Virustotal, Browse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://crl.xrampsecurity.com/XGCA.crlyk2Eh24FDd.exe, 00000002.00000003.894050825.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893211247.0000013B3710B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895487367.0000013B3710D000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894254913.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • 0%, Virustotal, Browse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxypyk2Eh24FDd.exe, 00000002.00000002.896067115.0000013B37A60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        high
                                                        https://www.python.orgyk2Eh24FDd.exe, 00000002.00000003.893545870.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894461354.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894808489.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895452271.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893276339.0000013B370D6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlTyk2Eh24FDd.exe, 00000002.00000003.892279361.0000013B3786B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892908963.0000013B3787A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892610920.0000013B37875000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://crl.securetrust.com/SGCA.crlmyk2Eh24FDd.exe, 00000002.00000003.894050825.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893211247.0000013B3710B000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895487367.0000013B3710D000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894254913.0000013B3710C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893016313.0000013B370CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • 0%, Virustotal, Browse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.accv.es/legislacion_c.htm0Uyk2Eh24FDd.exe, 00000002.00000003.892617996.0000013B3745A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B37453000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895810250.0000013B3745E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://wwww.certigna.fr/autorites/0myk2Eh24FDd.exe, 00000002.00000003.892622118.0000013B378AF000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892589388.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892808743.0000013B378B2000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892383084.0000013B378A8000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.896042317.0000013B378C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • 0%, Virustotal, Browse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://ocsp.accv.es0yk2Eh24FDd.exe, 00000002.00000003.892617996.0000013B3745A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892482783.0000013B37453000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895810250.0000013B3745E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.python.org/yk2Eh24FDd.exe, 00000002.00000003.893083179.0000013B373DA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893035802.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889849551.0000013B37391000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889828900.0000013B37741000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892677293.0000013B37391000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readeryk2Eh24FDd.exe, 00000002.00000003.890078027.0000013B36C07000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893840907.0000013B370A7000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888574536.0000013B36C0A000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895339453.0000013B36C2C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888990504.0000013B3706C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893341030.0000013B3709E000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000002.895447778.0000013B370C0000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.894481329.0000013B370B9000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893426307.0000013B370A6000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893885340.0000013B36C17000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.888496108.0000013B36C12000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892518802.0000013B37072000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893305073.0000013B36C10000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893113441.0000013B36C0C000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.893408334.0000013B36C13000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.889838353.0000013B36BFA000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 00000002.00000003.892706856.0000013B36C08000.00000004.00000020.00020000.00000000.sdmp, yk2Eh24FDd.exe, 
https://garchieve.cloud/ds.exe (found in yk2Eh24FDd.exe memory; malicious: false)
• 13%, Virustotal
• Avira URL Cloud: malware
unknown
IP:185.26.122.81
Domain:garchieve.cloud
Country:Russian Federation
ASN:62082
ASN Name:HOSTLANDRU
Malicious:false
                                                                                                                    Joe Sandbox Version:38.0.0 Beryl
                                                                                                                    Analysis ID:1317500
                                                                                                                    Start date and time:2023-10-01 13:51:06 +02:00
                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                    Overall analysis duration:0h 5m 42s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Cookbook file name:default.jbs
                                                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                    Number of analysed new started processes analysed:3
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
                                                                                                                    Number of injected processes analysed:0
                                                                                                                    Technologies:
                                                                                                                    • HCA enabled
                                                                                                                    • EGA enabled
                                                                                                                    • AMSI enabled
                                                                                                                    Analysis Mode:default
                                                                                                                    Analysis stop reason:Timeout
                                                                                                                    Sample file name:yk2Eh24FDd.exe
                                                                                                                    Original Sample Name:a2ceac5a8509a11f58b58a09cf9302f8.exe
                                                                                                                    Detection:MAL
                                                                                                                    Classification:mal76.evad.winEXE@4/18@1/1
                                                                                                                    EGA Information:
                                                                                                                    • Successful, ratio: 100%
                                                                                                                    HCA Information:
                                                                                                                    • Successful, ratio: 68%
                                                                                                                    • Number of executed functions: 78
                                                                                                                    • Number of non-executed functions: 141
                                                                                                                    Cookbook Comments:
                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                    • Stop behavior analysis, all processes terminated
                                                                                                                     • Not all processes were analyzed, report is missing behavior information
                                                                                                                    No simulations
                                                                                                                    No context
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):109392
                                                                                                                    Entropy (8bit):6.641929675972235
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                                                                                    MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                                                                                    SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                                                                                    SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                                                                                    SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                     • Antivirus: Virustotal, Detection: 0%
                                                                                                                     Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):84760
                                                                                                                    Entropy (8bit):6.570831353064175
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:PdQz7pZ3catNZTRGE51LOBK5bib8tsfYqpIPCV17SyQPx:VQz9Z5VOwiItsAqpIPCV1Gx
                                                                                                                    MD5:3859239CED9A45399B967EBCE5A6BA23
                                                                                                                    SHA1:6F8FF3DF90AC833C1EB69208DB462CDA8CA3F8D6
                                                                                                                    SHA-256:A4DD883257A7ACE84F96BCC6CD59E22D843D0DB080606DEFAE32923FC712C75A
                                                                                                                    SHA-512:030E5CE81E36BD55F69D55CBB8385820EB7C1F95342C1A32058F49ABEABB485B1C4A30877C07A56C9D909228E45A4196872E14DED4F87ADAA8B6AD97463E5C69
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                     • Antivirus: Virustotal, Detection: 0%
                                                                                                                     Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):253200
                                                                                                                    Entropy (8bit):6.559097478184273
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:7t9gXW32tb0yf6CgLp+E4YECs5wxvj9qWM53pLW1Apw9tBg2YAp:7ngXW3wgyCiE4texvGI4Ap
                                                                                                                    MD5:65B4AB77D6C6231C145D3E20E7073F51
                                                                                                                    SHA1:23D5CE68ED6AA8EAABE3366D2DD04E89D248328E
                                                                                                                    SHA-256:93EB9D1859EDCA1C29594491863BF3D72AF70B9A4240E0D9DD171F668F4F8614
                                                                                                                    SHA-512:28023446E5AC90E9E618673C879CA46F598A62FBB9E69EF925DB334AD9CB1544916CAF81E2ECDC26B75964DCEDBA4AD4DE1BA2C42FB838D0DF504D963FCF17EE
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                     • Antivirus: Virustotal, Detection: 0%
                                                                                                                     Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):65304
                                                                                                                    Entropy (8bit):6.222786912280051
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:6TO+CPN/pV8ETeERZX/fchw/IpBIPOIVQ7SygPx:mClZZow/IpBIPOIVQyx
                                                                                                                    MD5:4255C44DC64F11F32C961BF275AAB3A2
                                                                                                                    SHA1:C1631B2821A7E8A1783ECFE9A14DB453BE54C30A
                                                                                                                    SHA-256:E557873D5AD59FD6BD29D0F801AD0651DBB8D9AC21545DEFE508089E92A15E29
                                                                                                                    SHA-512:7D3A306755A123B246F31994CD812E7922943CDBBC9DB5A6E4D3372EA434A635FFD3945B5D2046DE669E7983EF2845BD007A441D09CFE05CF346523C12BDAD52
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                     • Antivirus: Virustotal, Detection: 0%
                                                                                                                     Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):158992
                                                                                                                    Entropy (8bit):6.8491146526380025
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:A4lirS97HrdVmEkGCm5hAznf49mNo2NOvJ02pIPZ1wBExN:VlirG0EkTVAYO2NQ3w
                                                                                                                    MD5:E5ABC3A72996F8FDE0BCF709E6577D9D
                                                                                                                    SHA1:15770BDCD06E171F0B868C803B8CF33A8581EDD3
                                                                                                                    SHA-256:1796038480754A680F33A4E37C8B5673CC86C49281A287DC0C5CAE984D0CB4BB
                                                                                                                    SHA-512:B347474DC071F2857E1E16965B43DB6518E35915B8168BDEFF1EAD4DFF710A1CC9F04CA0CED23A6DE40D717EEA375EEDB0BF3714DAF35DE6A77F071DB33DFAE6
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                     • Antivirus: Virustotal, Detection: 0%
                                                                                                                     Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):32528
                                                                                                                    Entropy (8bit):6.448063770045404
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:AuCvO+MZFryl9SDCP6rXv+mkWsniRq9IPQUkHQIYiSy1pCQqIPxh8E9VF0NykOBw:1+yF+6rX2mk599IPQUO5YiSyv3PxWEun
                                                                                                                    MD5:F00133F7758627A15F2D98C034CF1657
                                                                                                                    SHA1:2F5F54EDA4634052F5BE24C560154AF6647EEE05
                                                                                                                    SHA-256:35609869EDC57D806925EC52CCA9BC5A035E30D5F40549647D4DA6D7983F8659
                                                                                                                    SHA-512:1C77DD811D2184BEEDF3C553C3F4DA2144B75C6518543F98C630C59CD597FCBF6FD22CFBB0A7B9EA2FDB7983FF69D0D99E8201F4E84A0629BC5733AA09FFC201
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                     • Antivirus: Virustotal, Detection: 0%
                                                                                                                     Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):79640
                                                                                                                    Entropy (8bit):6.290841920161528
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:0JltpedXL+3ujz9/s+S+pzpMoiyivViaE9IPLwj7SyZPx:07tp4i3ujz9/sT+pzqoavVpE9IPLwjHx
                                                                                                                    MD5:1EEA9568D6FDEF29B9963783827F5867
                                                                                                                    SHA1:A17760365094966220661AD87E57EFE09CD85B84
                                                                                                                    SHA-256:74181072392A3727049EA3681FE9E59516373809CED53E08F6DA7C496B76E117
                                                                                                                    SHA-512:D9443B70FCDC4D0EA1CB93A88325012D3F99DB88C36393A7DED6D04F590E582F7F1640D8B153FE3C5342FA93802A8374F03F6CD37DD40CDBB5ADE2E07FAD1E09
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                     • Antivirus: Virustotal, Detection: 0%
                                                                                                                     Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):161040
                                                                                                                    Entropy (8bit):6.029728458381984
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:LMaGbIQQbN9W3PiNGeA66l8rBk3xA87xfCA+nbUtFMsVjTNbEzc+pIPC7ODxd:LMaG0bN96oG1l8YA8ZMSR+E
                                                                                                                    MD5:208B0108172E59542260934A2E7CFA85
                                                                                                                    SHA1:1D7FFB1B1754B97448EB41E686C0C79194D2AB3A
                                                                                                                    SHA-256:5160500474EC95D4F3AF7E467CC70CB37BEC1D12545F0299AAB6D69CEA106C69
                                                                                                                    SHA-512:41ABF6DEAB0F6C048967CA6060C337067F9F8125529925971BE86681EC0D3592C72B9CC85DD8BDEE5DD3E4E69E3BB629710D2D641078D5618B4F55B8A60CC69D
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                     • Antivirus: Virustotal, Detection: 0%
                                                                                                                     Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1847603
                                                                                                                    Entropy (8bit):5.576587358103163
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24576:mQR5pATu7xm4lUKdcubgAnyfbazZ0iwh9EpdYf9P3sLoThUdWQhuHHa:mQR5plxm+zJ5uUwQ5
                                                                                                                    MD5:E17CE7183E682DE459EEC1A5AC9CBBFF
                                                                                                                    SHA1:722968CA6EB123730EBC30FF2D498F9A5DAD4CC1
                                                                                                                    SHA-256:FF6A37C49EE4BB07A763866D4163126165038296C1FB7B730928297C25CFBE6D
                                                                                                                    SHA-512:FAB76B59DCD3570695FA260F56E277F8D714048F3D89F6E9F69EA700FCA7C097D0DB5F5294BEAB4E6409570408F1D680E8220851FEDEDB981ACB129A415358D1
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:ASCII text
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):281617
                                                                                                                    Entropy (8bit):6.048201407322743
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:QW1H/M8fRR1mNplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5f:QWN/TR8NLWURrI55MWavdF0f
                                                                                                                    MD5:78D9DD608305A97773574D1C0FB10B61
                                                                                                                    SHA1:9E177F31A3622AD71C3D403422C9A980E563FE32
                                                                                                                    SHA-256:794D039FFDF277C047E26F2C7D58F81A5865D8A0EB7024A0FAC1164FEA4D27CF
                                                                                                                    SHA-512:0C2D08747712ED227B4992F6F8F3CC21168627A79E81C6E860EE2B5F711AF7F4387D3B71B390AA70A13661FC82806CC77AF8AB1E8A8DF82AD15E29E05FA911BF
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):10752
                                                                                                                    Entropy (8bit):4.666005138902942
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:KJdp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCF4ioUjQcX6g8cim1qeSju1:KJ72HzzjBbRYoe2oRcqgvimoe
                                                                                                                    MD5:28AF0FFB49CC20FE5AF9FE8EFA49D6F1
                                                                                                                    SHA1:2C17057C33382DDFFEA3CA589018CBA04C4E49D7
                                                                                                                    SHA-256:F1E26EF5D12C58D652B0B5437C355A14CD66606B2FBC00339497DD00243081E0
                                                                                                                    SHA-512:9AA99E17F20A5DD485AE43AC85842BD5270EBAB83A49E896975A8FA9F98FFC5F7585BEF84ED46BA55F40A25E224F2640E85CEBE5ACB9087CF46D178ECC8029F0
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):113152
                                                                                                                    Entropy (8bit):5.883508414366263
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:Oa+euGiytUbL3818SfqZpr0w2a5i5hBi0GmV4Ms7oTGKMl8g1d:OtezmbL38+SCZqw2aA8QV67oTGKw
                                                                                                                    MD5:6CDCA2FDE9DF198DA58955397033AF98
                                                                                                                    SHA1:E457C97721504D25F43B549D57E4538A62623168
                                                                                                                    SHA-256:A4A758EABD1B2B45F3C4699BDFEBC98F196DC691C0A3D5407E17FFFFFAFC5DF7
                                                                                                                    SHA-512:7B3C384BA9993D3192ED852191FF77BDCD3421CBC69FF636C6DEB8FE7248E066573B68D80A8F280AE0C1CB015F79967D46D910455D932EAEAC072C76D0757E92
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):3445016
                                                                                                                    Entropy (8bit):6.099467326309974
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:98304:+/+YgEQaGDoWS04ki7x+QRsZ51CPwDv3uFfJx:MLgEXGUZ37x+VZ51CPwDv3uFfJx
                                                                                                                    MD5:E94733523BCD9A1FB6AC47E10A267287
                                                                                                                    SHA1:94033B405386D04C75FFE6A424B9814B75C608AC
                                                                                                                    SHA-256:F20EB4EFD8647B5273FDAAFCEB8CCB2B8BA5329665878E01986CBFC1E6832C44
                                                                                                                    SHA-512:07DD0EB86498497E693DA0F9DD08DE5B7B09052A2D6754CFBC2AA260E7F56790E6C0A968875F7803CB735609B1E9B9C91A91B84913059C561BFFED5AB2CBB29F
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):704792
                                                                                                                    Entropy (8bit):5.55753143710539
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:ihO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0T9qwfU2lvzA:iis/POtrzbLp5dQ0T9qcU2lvzA
                                                                                                                    MD5:25BDE25D332383D1228B2E66A4CB9F3E
                                                                                                                    SHA1:CD5B9C3DD6AAB470D445E3956708A324E93A9160
                                                                                                                    SHA-256:C8F7237E7040A73C2BEA567ACC9CEC373AADD48654AAAC6122416E160F08CA13
                                                                                                                    SHA-512:CA2F2139BB456799C9F98EF8D89FD7C09D1972FA5DD8FC01B14B7AF00BF8D2C2175FB2C0C41E49A6DAF540E67943AAD338E33C1556FD6040EF06E0F25BFA88FA
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):5762840
                                                                                                                    Entropy (8bit):6.089392282930885
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:73djosVvASxQKADxYBVD0NErnKqroleDkcWE/Q3pPITbwVFZL7VgVr42I1vJHH++:73ZOKRtlrJ7wfGrs1BHeM+2PocL2
                                                                                                                    MD5:5A5DD7CAD8028097842B0AFEF45BFBCF
                                                                                                                    SHA1:E247A2E460687C607253949C52AE2801FF35DC4A
                                                                                                                    SHA-256:A811C7516F531F1515D10743AE78004DD627EBA0DC2D3BC0D2E033B2722043CE
                                                                                                                    SHA-512:E6268E4FAD2CE3EF16B68298A57498E16F0262BF3531539AD013A66F72DF471569F94C6FCC48154B7C3049A3AD15CBFCBB6345DACB4F4ED7D528C74D589C9858
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):30480
                                                                                                                    Entropy (8bit):6.578957517354568
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:N1ecReJKrHqDUI7A700EZ9IPQGNHQIYiSy1pCQn1tPxh8E9VF0NykfF:3eUeJGHqNbD9IPQGR5YiSyvnnPxWEuN
                                                                                                                    MD5:C97A587E19227D03A85E90A04D7937F6
                                                                                                                    SHA1:463703CF1CAC4E2297B442654FC6169B70CFB9BF
                                                                                                                    SHA-256:C4AA9A106381835CFB5F9BADFB9D77DF74338BC66E69183757A5A3774CCDACCF
                                                                                                                    SHA-512:97784363F3B0B794D2F9FD6A2C862D64910C71591006A34EEDFF989ECCA669AC245B3DFE68EAA6DA621209A3AB61D36E9118EBB4BE4C0E72CE80FAB7B43BDE12
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1141016
                                                                                                                    Entropy (8bit):5.435086202175289
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:83kYbfjwR6nblonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1ol:8UYbMA0IDJcjEwPgPOG6Xyd461ol
                                                                                                                    MD5:AA13EE6770452AF73828B55AF5CD1A32
                                                                                                                    SHA1:C01ECE61C7623E36A834D8B3C660E7F28C91177E
                                                                                                                    SHA-256:8FBED20E9225FF82132E97B4FEFBB5DDBC10C062D9E3F920A6616AB27BB5B0FB
                                                                                                                    SHA-512:B2EEB9A7D4A32E91084FDAE302953AAC57388A5390F9404D8DFE5C4A8F66CA2AB73253CF5BA4CC55350D8306230DD1114A61E22C23F42FBCC5C0098046E97E0F
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                    Reputation:low
                                                                                                                    Process:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):70
                                                                                                                    Entropy (8bit):4.317750788547594
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:t+6MJABFReNmI4HAuF5QEyn:w65MmI4g3
                                                                                                                    MD5:B53C8A6F15EB4AFBB3D9374D02066CCF
                                                                                                                    SHA1:20D8B0EAF54E73557BE4217DA6292E7ECFBC90F5
                                                                                                                    SHA-256:B3D786E60F79F4882BD8B79E5FFCBED434218DBC501A61E3D5319020A9121846
                                                                                                                    SHA-512:58E22CEA959628B9AFE637DBEA09269449195C97264E070D607ECCCDCC8D6C380303EA627F64F47961D0165B9A26423F9A5C44553022AE98CDE3BBA48E192782
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:[7332] Failed to execute script 'loader' due to unhandled exception!..
                                                                                                                    File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                    Entropy (8bit):7.974408288448978
                                                                                                                    TrID:
                                                                                                                    • Win64 Executable Console (202006/5) 77.37%
                                                                                                                    • InstallShield setup (43055/19) 16.49%
                                                                                                                    • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                    • DOS Executable Generic (2002/1) 0.77%
                                                                                                                    File name:yk2Eh24FDd.exe
                                                                                                                    File size:7'697'557 bytes
                                                                                                                    MD5:a2ceac5a8509a11f58b58a09cf9302f8
                                                                                                                    SHA1:8d22ab1318281f5d39ad895013009f3cf06b18cc
                                                                                                                    SHA256:c6845e9f37437ffd4ee1bb170b696fcdc80f5c9c1fb1be3b75d0c48b87423b82
                                                                                                                    SHA512:49e2c1994871a09c20a9ae74efc840357a1ca3006365061ae63b297b9ec3493529504ac55d2c1469065cee9c2155e63e30d69950f431a1a7064a6dde2c1bd06e
                                                                                                                    SSDEEP:98304:AhzTBA4Pf1N2zIh3ET9Y9MxVMOPUh3PdWPEUrJY6AOxbHPS2zh/hQqF7CvSopJJW:AdC4FMIZETKwjPePdrQJ/BNOqpAYPv1
                                                                                                                    TLSH:B6763385B67009E5C8678378C482CC54F6767877FB78E28742B861AE1E73492A87FF11
                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................1.............-.............................................H.......H.......Rich...................
                                                                                                                    Icon Hash:67180c344bc7731d
                                                                                                                    Entrypoint:0x14000a6a0
                                                                                                                    Entrypoint Section:.text
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x140000000
                                                                                                                    Subsystem:windows cui
                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x650AE3A9 [Wed Sep 20 12:20:57 2023 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:5
                                                                                                                    OS Version Minor:2
                                                                                                                    File Version Major:5
                                                                                                                    File Version Minor:2
                                                                                                                    Subsystem Version Major:5
                                                                                                                    Subsystem Version Minor:2
                                                                                                                    Import Hash:ba5546933531fafa869b1f86a4e2a959
                                                                                                                    Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bb94 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x1b333 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20e8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6e000 | 0x75c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39350 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39210 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x350 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28890 | 0x28a00 | False | 0.5562019230769231 | zlib compressed data | 6.489977853279916 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x1271a | 0x12800 | False | 0.5159549197635135 | data | 5.846244613590853 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x103f8 | 0xe00 | False | 0.13337053571428573 | DOS executable (block device driver \377\3) | 1.808915577448681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4e000 | 0x20e8 | 0x2200 | False | 0.4756433823529412 | data | 5.330974160786823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x15c | 0x200 | False | 0.392578125 | data | 2.795351059303424 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0x1b333 | 0x1b400 | False | 0.19003547878440366 | data | 3.087443744527388 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x6e000 | 0x75c | 0x800 | False | 0.54296875 | data | 5.238892234772638 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x521d8 | 0x266a | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.975696562944885
RT_ICON | 0x54844 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | | | 0.06938365077487282
RT_ICON | 0x6506c | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | | | 0.13692725555030705
RT_ICON | 0x69294 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | | | 0.17302904564315352
RT_ICON | 0x6b83c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | | | 0.23921200750469043
RT_ICON | 0x6c8e4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | | | 0.3874113475177305
RT_GROUP_ICON | 0x6cd4c | 0x5a | data | | | 0.7666666666666667
RT_MANIFEST | 0x6cda8 | 0x58b | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.44538407329105
DLL | Import
KERNEL32.dll | GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, WriteConsoleW, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, FreeLibrary, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, HeapReAlloc, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, SetEndOfFile
ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 1, 2023 13:51:56.993339062 CEST | 49802 | 443 | 192.168.2.3 | 185.26.122.81
Oct 1, 2023 13:51:56.993387938 CEST | 443 | 49802 | 185.26.122.81 | 192.168.2.3
Oct 1, 2023 13:51:56.993474007 CEST | 49802 | 443 | 192.168.2.3 | 185.26.122.81
Oct 1, 2023 13:51:57.015842915 CEST | 49802 | 443 | 192.168.2.3 | 185.26.122.81
Oct 1, 2023 13:51:57.015908957 CEST | 443 | 49802 | 185.26.122.81 | 192.168.2.3
Oct 1, 2023 13:51:57.612090111 CEST | 443 | 49802 | 185.26.122.81 | 192.168.2.3
Oct 1, 2023 13:51:57.612848997 CEST | 49802 | 443 | 192.168.2.3 | 185.26.122.81
Oct 1, 2023 13:51:57.612905979 CEST | 443 | 49802 | 185.26.122.81 | 192.168.2.3
Oct 1, 2023 13:51:57.615087986 CEST | 443 | 49802 | 185.26.122.81 | 192.168.2.3
Oct 1, 2023 13:51:57.615169048 CEST | 49802 | 443 | 192.168.2.3 | 185.26.122.81
Oct 1, 2023 13:51:57.615995884 CEST | 49802 | 443 | 192.168.2.3 | 185.26.122.81
Oct 1, 2023 13:51:57.616162062 CEST | 49802 | 443 | 192.168.2.3 | 185.26.122.81
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 1, 2023 13:51:56.703579903 CEST | 50357 | 53 | 192.168.2.3 | 8.8.8.8
Oct 1, 2023 13:51:56.989780903 CEST | 53 | 50357 | 8.8.8.8 | 192.168.2.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 1, 2023 13:51:56.703579903 CEST | 192.168.2.3 | 8.8.8.8 | 0x3898 | Standard query (0) | garchieve.cloud | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 1, 2023 13:51:56.989780903 CEST | 8.8.8.8 | 192.168.2.3 | 0x3898 | No error (0) | garchieve.cloud | | 185.26.122.81 | A (IP address) | IN (0x0001) | false


                                                                                                                    Target ID:0
                                                                                                                    Start time:13:51:53
                                                                                                                    Start date:01/10/2023
                                                                                                                    Path:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    Imagebase:0x7ff69c780000
                                                                                                                    File size:7'697'557 bytes
                                                                                                                    MD5 hash:A2CEAC5A8509A11F58B58A09CF9302F8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:1
                                                                                                                    Start time:13:51:53
                                                                                                                    Start date:01/10/2023
                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                    Imagebase:0x7ff7e86d0000
                                                                                                                    File size:625'664 bytes
                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    Target ID:2
                                                                                                                    Start time:13:51:54
                                                                                                                    Start date:01/10/2023
                                                                                                                    Path:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                    Imagebase:0x7ff69c780000
                                                                                                                    File size:7'697'557 bytes
                                                                                                                    MD5 hash:A2CEAC5A8509A11F58B58A09CF9302F8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:13.6%
                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                      Signature Coverage:17.1%
                                                                                                                      Total number of Nodes:2000
                                                                                                                      Total number of Limit Nodes:83
_set_fmode 2 API calls 15961->15962 15962->15961 15964 7ff69c79df30 __crtLCMapStringW 5 API calls 15963->15964 15965 7ff69c79e164 15964->15965 15965->15563 15967 7ff69c794596 15966->15967 15968 7ff69c7945ba 15966->15968 15971 7ff69c7945a5 15967->15971 15973 7ff69c799f78 __free_lconv_mon 11 API calls 15967->15973 15969 7ff69c7945bf 15968->15969 15970 7ff69c794614 15968->15970 15969->15971 15974 7ff69c7945d4 15969->15974 15975 7ff69c799f78 __free_lconv_mon 11 API calls 15969->15975 15972 7ff69c79e870 _fread_nolock MultiByteToWideChar 15970->15972 15971->15567 15971->15568 15980 7ff69c794630 15972->15980 15973->15971 15976 7ff69c79cc2c _fread_nolock 12 API calls 15974->15976 15975->15974 15976->15971 15977 7ff69c794637 GetLastError 15988 7ff69c795ffc 15977->15988 15980->15977 15983 7ff69c799f78 __free_lconv_mon 11 API calls 15980->15983 15986 7ff69c794665 15980->15986 15987 7ff69c794672 15980->15987 15981 7ff69c79e870 _fread_nolock MultiByteToWideChar 15985 7ff69c7946b6 15981->15985 15982 7ff69c796088 _set_fmode 11 API calls 15982->15971 15983->15986 15984 7ff69c79cc2c _fread_nolock 12 API calls 15984->15987 15985->15971 15985->15977 15986->15984 15987->15971 15987->15981 15989 7ff69c79a8f8 _set_fmode 11 API calls 15988->15989 15990 7ff69c796009 __free_lconv_mon 15989->15990 15991 7ff69c79a8f8 _set_fmode 11 API calls 15990->15991 15992 7ff69c794644 15991->15992 15992->15982 15994 7ff69c7981e1 15993->15994 15995 7ff69c7981dd 15993->15995 16014 7ff69c7a1bfc GetEnvironmentStringsW 15994->16014 15995->15584 16006 7ff69c798588 15995->16006 15998 7ff69c7981ee 16000 7ff69c799f78 __free_lconv_mon 11 API calls 15998->16000 15999 7ff69c7981fa 16021 7ff69c798348 15999->16021 16000->15995 16003 7ff69c799f78 __free_lconv_mon 11 API calls 16004 7ff69c798221 16003->16004 16005 7ff69c799f78 __free_lconv_mon 11 API calls 16004->16005 16005->15995 16007 7ff69c7985ab 16006->16007 16012 7ff69c7985c2 16006->16012 16007->15584 16008 7ff69c79deb8 _set_fmode 11 API calls 16008->16012 16009 
7ff69c798636 16011 7ff69c799f78 __free_lconv_mon 11 API calls 16009->16011 16010 7ff69c79e870 MultiByteToWideChar _fread_nolock 16010->16012 16011->16007 16012->16007 16012->16008 16012->16009 16012->16010 16013 7ff69c799f78 __free_lconv_mon 11 API calls 16012->16013 16013->16012 16015 7ff69c7981e6 16014->16015 16016 7ff69c7a1c20 16014->16016 16015->15998 16015->15999 16017 7ff69c79cc2c _fread_nolock 12 API calls 16016->16017 16018 7ff69c7a1c57 memcpy_s 16017->16018 16019 7ff69c799f78 __free_lconv_mon 11 API calls 16018->16019 16020 7ff69c7a1c77 FreeEnvironmentStringsW 16019->16020 16020->16015 16022 7ff69c798370 16021->16022 16023 7ff69c79deb8 _set_fmode 11 API calls 16022->16023 16024 7ff69c7983ab 16023->16024 16027 7ff69c79842d 16024->16027 16029 7ff69c79deb8 _set_fmode 11 API calls 16024->16029 16030 7ff69c79841c 16024->16030 16031 7ff69c79f9a4 _wfindfirst32i64 37 API calls 16024->16031 16034 7ff69c798450 16024->16034 16036 7ff69c799f78 __free_lconv_mon 11 API calls 16024->16036 16037 7ff69c7983b3 16024->16037 16025 7ff69c799f78 __free_lconv_mon 11 API calls 16026 7ff69c798202 16025->16026 16026->16003 16028 7ff69c799f78 __free_lconv_mon 11 API calls 16027->16028 16028->16026 16029->16024 16032 7ff69c798464 11 API calls 16030->16032 16031->16024 16033 7ff69c798424 16032->16033 16035 7ff69c799f78 __free_lconv_mon 11 API calls 16033->16035 16038 7ff69c799f30 _wfindfirst32i64 17 API calls 16034->16038 16035->16037 16036->16024 16037->16025 16039 7ff69c798462 16038->16039 16041 7ff69c7a7fed __crtLCMapStringW 16040->16041 16042 7ff69c7a64ee 16041->16042 16043 7ff69c79e188 6 API calls 16041->16043 16042->15607 16042->15608 16043->16042 15110 7ff69c7899a0 15111 7ff69c7899c3 15110->15111 15112 7ff69c7899df memcpy_s 15110->15112 15113 7ff69c79cc2c 12 API calls 15111->15113 15113->15112 19352 7ff69c7a0620 19370 7ff69c79f808 EnterCriticalSection 19352->19370 15114 7ff69c798919 15126 7ff69c799238 15114->15126 15131 7ff69c79a780 GetLastError 15126->15131 15132 7ff69c79a7c1 
FlsSetValue 15131->15132 15133 7ff69c79a7a4 FlsGetValue 15131->15133 15135 7ff69c79a7d3 15132->15135 15151 7ff69c79a7b1 15132->15151 15134 7ff69c79a7bb 15133->15134 15133->15151 15134->15132 15137 7ff69c79deb8 _set_fmode 11 API calls 15135->15137 15136 7ff69c79a82d SetLastError 15138 7ff69c799241 15136->15138 15139 7ff69c79a84d 15136->15139 15140 7ff69c79a7e2 15137->15140 15153 7ff69c79936c 15138->15153 15141 7ff69c79936c __GetCurrentState 38 API calls 15139->15141 15142 7ff69c79a800 FlsSetValue 15140->15142 15143 7ff69c79a7f0 FlsSetValue 15140->15143 15146 7ff69c79a852 15141->15146 15144 7ff69c79a81e 15142->15144 15145 7ff69c79a80c FlsSetValue 15142->15145 15147 7ff69c79a7f9 15143->15147 15148 7ff69c79a524 _set_fmode 11 API calls 15144->15148 15145->15147 15149 7ff69c799f78 __free_lconv_mon 11 API calls 15147->15149 15150 7ff69c79a826 15148->15150 15149->15151 15152 7ff69c799f78 __free_lconv_mon 11 API calls 15150->15152 15151->15136 15152->15136 15162 7ff69c7a27f0 15153->15162 15196 7ff69c7a27a8 15162->15196 15201 7ff69c79f808 EnterCriticalSection 15196->15201 16044 7ff69c78a51c 16069 7ff69c78a6fc 16044->16069 16047 7ff69c78a673 16186 7ff69c78aa2c IsProcessorFeaturePresent 16047->16186 16048 7ff69c78a53d __scrt_acquire_startup_lock 16050 7ff69c78a67d 16048->16050 16051 7ff69c78a55b 16048->16051 16052 7ff69c78aa2c 7 API calls 16050->16052 16060 7ff69c78a59d __scrt_release_startup_lock 16051->16060 16077 7ff69c7987d4 16051->16077 16056 7ff69c78a688 __GetCurrentState 16052->16056 16055 7ff69c78a580 16058 7ff69c78a606 16087 7ff69c798738 16058->16087 16060->16058 16175 7ff69c798ae4 16060->16175 16062 7ff69c78a60b 16093 7ff69c781000 16062->16093 16066 7ff69c78a62f 16066->16056 16182 7ff69c78a890 16066->16182 16193 7ff69c78accc 16069->16193 16072 7ff69c78a535 16072->16047 16072->16048 16073 7ff69c78a72b 16195 7ff69c7991ec 16073->16195 16079 7ff69c7987e7 16077->16079 16078 7ff69c78a57c 16078->16055 16082 7ff69c798790 16078->16082 16079->16078 16240 7ff69c78a430 
16079->16240 16257 7ff69c7941f0 16079->16257 16083 7ff69c7987c6 16082->16083 16084 7ff69c798795 16082->16084 16083->16060 16084->16083 16335 7ff69c78a500 16084->16335 16343 7ff69c794330 16084->16343 16088 7ff69c798748 16087->16088 16091 7ff69c79875d 16087->16091 16089 7ff69c7981c8 40 API calls 16088->16089 16088->16091 16090 7ff69c798766 16089->16090 16090->16091 16092 7ff69c798588 12 API calls 16090->16092 16091->16062 16092->16091 16094 7ff69c781011 16093->16094 16367 7ff69c7867c0 16094->16367 16096 7ff69c781023 16374 7ff69c794f7c 16096->16374 16098 7ff69c7827ab 16381 7ff69c781af0 16098->16381 16102 7ff69c78a100 _wfindfirst32i64 8 API calls 16103 7ff69c7828de 16102->16103 16180 7ff69c78ab80 GetModuleHandleW 16103->16180 16104 7ff69c7827c9 16167 7ff69c7828ca 16104->16167 16397 7ff69c782c50 16104->16397 16106 7ff69c7827fb 16106->16167 16400 7ff69c785af0 16106->16400 16108 7ff69c782817 16109 7ff69c782863 16108->16109 16110 7ff69c785af0 92 API calls 16108->16110 16415 7ff69c7860f0 16109->16415 16116 7ff69c782838 __std_exception_copy 16110->16116 16112 7ff69c782878 16419 7ff69c7819d0 16112->16419 16115 7ff69c78296d 16118 7ff69c782998 16115->16118 16527 7ff69c7824a0 16115->16527 16116->16109 16121 7ff69c7860f0 89 API calls 16116->16121 16117 7ff69c7819d0 121 API calls 16120 7ff69c7828ae 16117->16120 16129 7ff69c7829db 16118->16129 16531 7ff69c786db0 16118->16531 16124 7ff69c7828b2 16120->16124 16125 7ff69c7828f0 16120->16125 16121->16109 16123 7ff69c7829b8 16126 7ff69c7829bd 16123->16126 16127 7ff69c7829ce SetDllDirectoryW 16123->16127 16498 7ff69c781c50 16124->16498 16125->16115 16504 7ff69c782de0 16125->16504 16130 7ff69c781c50 86 API calls 16126->16130 16127->16129 16430 7ff69c784fa0 16129->16430 16130->16167 16135 7ff69c782a36 16143 7ff69c782af6 16135->16143 16149 7ff69c782a49 16135->16149 16136 7ff69c782912 16140 7ff69c781c50 86 API calls 16136->16140 16139 7ff69c782940 16139->16115 16142 7ff69c782945 16139->16142 16140->16167 16141 7ff69c7829f8 16141->16135 16555 
7ff69c7847a0 16141->16555 16523 7ff69c78e60c 16142->16523 16434 7ff69c782330 16143->16434 16156 7ff69c782a95 16149->16156 16649 7ff69c781b30 16149->16649 16150 7ff69c782a0d 16575 7ff69c784730 16150->16575 16151 7ff69c782a2c 16154 7ff69c7849f0 FreeLibrary 16151->16154 16154->16135 16156->16167 16653 7ff69c7822d0 16156->16653 16157 7ff69c782a17 16157->16151 16159 7ff69c782a1b 16157->16159 16158 7ff69c782b2b 16160 7ff69c785af0 92 API calls 16158->16160 16643 7ff69c784df0 16159->16643 16165 7ff69c782b37 16160->16165 16163 7ff69c782ad1 16166 7ff69c7849f0 FreeLibrary 16163->16166 16165->16167 16451 7ff69c786130 16165->16451 16166->16167 16167->16102 16176 7ff69c798afb 16175->16176 16177 7ff69c798b1c 16175->16177 16176->16058 16178 7ff69c799238 45 API calls 16177->16178 16179 7ff69c798b21 16178->16179 16181 7ff69c78ab91 16180->16181 16181->16066 16183 7ff69c78a8a1 16182->16183 16184 7ff69c78a646 16183->16184 16185 7ff69c78be28 __scrt_initialize_crt 7 API calls 16183->16185 16184->16055 16185->16184 16187 7ff69c78aa52 _wfindfirst32i64 memcpy_s 16186->16187 16188 7ff69c78aa71 RtlCaptureContext RtlLookupFunctionEntry 16187->16188 16189 7ff69c78aa9a RtlVirtualUnwind 16188->16189 16190 7ff69c78aad6 memcpy_s 16188->16190 16189->16190 16191 7ff69c78ab08 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16190->16191 16192 7ff69c78ab5a _wfindfirst32i64 16191->16192 16192->16050 16194 7ff69c78a71e __scrt_dllmain_crt_thread_attach 16193->16194 16194->16072 16194->16073 16196 7ff69c7a264c 16195->16196 16197 7ff69c78a730 16196->16197 16198 7ff69c7a17b0 65 API calls 16196->16198 16200 7ff69c7a16f4 65 API calls 16196->16200 16207 7ff69c79bb50 16196->16207 16197->16072 16201 7ff69c78be28 16197->16201 16198->16196 16200->16196 16202 7ff69c78be30 16201->16202 16203 7ff69c78be3a 16201->16203 16219 7ff69c78c1a4 16202->16219 16203->16072 16218 7ff69c79f808 EnterCriticalSection 16207->16218 16220 7ff69c78be35 16219->16220 16221 7ff69c78c1b3 16219->16221 16223 7ff69c78c210 
16220->16223 16227 7ff69c78c3e0 16221->16227 16224 7ff69c78c23b 16223->16224 16225 7ff69c78c21e DeleteCriticalSection 16224->16225 16226 7ff69c78c23f 16224->16226 16225->16224 16226->16203 16231 7ff69c78c248 16227->16231 16232 7ff69c78c28c __vcrt_InitializeCriticalSectionEx 16231->16232 16238 7ff69c78c362 TlsFree 16231->16238 16233 7ff69c78c2ba LoadLibraryExW 16232->16233 16234 7ff69c78c351 GetProcAddress 16232->16234 16232->16238 16239 7ff69c78c2fd LoadLibraryExW 16232->16239 16235 7ff69c78c331 16233->16235 16236 7ff69c78c2db GetLastError 16233->16236 16234->16238 16235->16234 16237 7ff69c78c348 FreeLibrary 16235->16237 16236->16232 16237->16234 16239->16232 16239->16235 16241 7ff69c78a440 16240->16241 16269 7ff69c79580c 16241->16269 16243 7ff69c78a44c 16275 7ff69c78a748 16243->16275 16245 7ff69c78aa2c 7 API calls 16246 7ff69c78a4e5 16245->16246 16246->16079 16247 7ff69c78a464 _RTC_Initialize 16255 7ff69c78a4b9 16247->16255 16280 7ff69c78a8f8 16247->16280 16249 7ff69c78a479 16283 7ff69c797fd0 16249->16283 16255->16245 16256 7ff69c78a4d5 16255->16256 16256->16079 16258 7ff69c79421a 16257->16258 16259 7ff69c79deb8 _set_fmode 11 API calls 16258->16259 16260 7ff69c794239 16259->16260 16261 7ff69c799f78 __free_lconv_mon 11 API calls 16260->16261 16262 7ff69c794247 16261->16262 16263 7ff69c79deb8 _set_fmode 11 API calls 16262->16263 16266 7ff69c794271 16262->16266 16265 7ff69c794263 16263->16265 16267 7ff69c799f78 __free_lconv_mon 11 API calls 16265->16267 16268 7ff69c79427a 16266->16268 16330 7ff69c79e294 16266->16330 16267->16266 16268->16079 16270 7ff69c79581d 16269->16270 16271 7ff69c795825 16270->16271 16272 7ff69c796088 _set_fmode 11 API calls 16270->16272 16271->16243 16273 7ff69c795834 16272->16273 16274 7ff69c799f10 _invalid_parameter_noinfo 37 API calls 16273->16274 16274->16271 16276 7ff69c78a759 16275->16276 16279 7ff69c78a75e __scrt_release_startup_lock 16275->16279 16277 7ff69c78aa2c 7 API calls 16276->16277 16276->16279 16278 7ff69c78a7d2 16277->16278 
16279->16247 16309 7ff69c78a8bc 16280->16309 16282 7ff69c78a901 16282->16249 16284 7ff69c78a485 16283->16284 16285 7ff69c797ff0 16283->16285 16284->16255 16308 7ff69c78a9cc InitializeSListHead 16284->16308 16286 7ff69c79800e GetModuleFileNameW 16285->16286 16287 7ff69c797ff8 16285->16287 16291 7ff69c798039 16286->16291 16288 7ff69c796088 _set_fmode 11 API calls 16287->16288 16289 7ff69c797ffd 16288->16289 16290 7ff69c799f10 _invalid_parameter_noinfo 37 API calls 16289->16290 16290->16284 16324 7ff69c797f70 16291->16324 16294 7ff69c798081 16295 7ff69c796088 _set_fmode 11 API calls 16294->16295 16296 7ff69c798086 16295->16296 16299 7ff69c799f78 __free_lconv_mon 11 API calls 16296->16299 16297 7ff69c798099 16298 7ff69c7980bb 16297->16298 16302 7ff69c798100 16297->16302 16303 7ff69c7980e7 16297->16303 16301 7ff69c799f78 __free_lconv_mon 11 API calls 16298->16301 16300 7ff69c798094 16299->16300 16300->16284 16301->16284 16306 7ff69c799f78 __free_lconv_mon 11 API calls 16302->16306 16304 7ff69c799f78 __free_lconv_mon 11 API calls 16303->16304 16305 7ff69c7980f0 16304->16305 16307 7ff69c799f78 __free_lconv_mon 11 API calls 16305->16307 16306->16298 16307->16300 16310 7ff69c78a8d6 16309->16310 16311 7ff69c78a8cf 16309->16311 16313 7ff69c79904c 16310->16313 16311->16282 16316 7ff69c798c88 16313->16316 16323 7ff69c79f808 EnterCriticalSection 16316->16323 16325 7ff69c797f88 16324->16325 16326 7ff69c797fc0 16324->16326 16325->16326 16327 7ff69c79deb8 _set_fmode 11 API calls 16325->16327 16326->16294 16326->16297 16328 7ff69c797fb6 16327->16328 16329 7ff69c799f78 __free_lconv_mon 11 API calls 16328->16329 16329->16326 16331 7ff69c79df30 __crtLCMapStringW 5 API calls 16330->16331 16332 7ff69c79e2ca 16331->16332 16333 7ff69c79e2cf 16332->16333 16334 7ff69c79e2e9 InitializeCriticalSectionAndSpinCount 16332->16334 16333->16266 16334->16333 16352 7ff69c78abd4 SetUnhandledExceptionFilter 16335->16352 16344 7ff69c79433b 16343->16344 16353 7ff69c79e4c4 16344->16353 16366 7ff69c79f808 
EnterCriticalSection 16353->16366 16369 7ff69c7867df 16367->16369 16368 7ff69c786830 WideCharToMultiByte 16368->16369 16371 7ff69c7868d8 16368->16371 16369->16368 16370 7ff69c786886 WideCharToMultiByte 16369->16370 16369->16371 16373 7ff69c7867e7 __std_exception_copy 16369->16373 16370->16369 16370->16371 16681 7ff69c781cb0 16371->16681 16373->16096 16377 7ff69c79ecc0 16374->16377 16375 7ff69c79ed13 16376 7ff69c799e44 _invalid_parameter_noinfo 37 API calls 16375->16376 16378 7ff69c79ed3c 16376->16378 16377->16375 16379 7ff69c79ed66 16377->16379 16378->16098 16981 7ff69c79eb98 16379->16981 16382 7ff69c781b05 16381->16382 16383 7ff69c781b20 16382->16383 16989 7ff69c781c10 16382->16989 16383->16167 16385 7ff69c782cd0 16383->16385 17012 7ff69c78a130 16385->17012 16388 7ff69c782d0b 16390 7ff69c781cb0 86 API calls 16388->16390 16389 7ff69c782d22 17014 7ff69c786ec0 16389->17014 16392 7ff69c782d1e 16390->16392 16395 7ff69c78a100 _wfindfirst32i64 8 API calls 16392->16395 16394 7ff69c781c50 86 API calls 16394->16392 16396 7ff69c782d5f 16395->16396 16396->16104 16398 7ff69c781b30 49 API calls 16397->16398 16399 7ff69c782c6d 16398->16399 16399->16106 16401 7ff69c785afa 16400->16401 16402 7ff69c786db0 88 API calls 16401->16402 16403 7ff69c785b1c GetEnvironmentVariableW 16402->16403 16404 7ff69c785b86 16403->16404 16405 7ff69c785b34 ExpandEnvironmentStringsW 16403->16405 16407 7ff69c78a100 _wfindfirst32i64 8 API calls 16404->16407 16406 7ff69c786ec0 88 API calls 16405->16406 16408 7ff69c785b5c 16406->16408 16409 7ff69c785b98 16407->16409 16408->16404 16410 7ff69c785b66 16408->16410 16409->16108 17025 7ff69c79926c 16410->17025 16413 7ff69c78a100 _wfindfirst32i64 8 API calls 16414 7ff69c785b7e 16413->16414 16414->16108 16416 7ff69c786db0 88 API calls 16415->16416 16417 7ff69c786107 SetEnvironmentVariableW 16416->16417 16418 7ff69c78611f __std_exception_copy 16417->16418 16418->16112 16420 7ff69c781b30 49 API calls 16419->16420 16421 7ff69c781a00 16420->16421 16422 7ff69c781b30 49 
API calls 16421->16422 16429 7ff69c781a7a 16421->16429 16423 7ff69c781a22 16422->16423 16424 7ff69c782c50 49 API calls 16423->16424 16423->16429 16425 7ff69c781a3b 16424->16425 16425->16425 17032 7ff69c7817b0 16425->17032 16428 7ff69c78e60c 74 API calls 16428->16429 16429->16115 16429->16117 16431 7ff69c784fb5 16430->16431 16432 7ff69c7829e0 16431->16432 16433 7ff69c781c10 86 API calls 16431->16433 16432->16135 16545 7ff69c784c40 16432->16545 16433->16432 16436 7ff69c7823e4 16434->16436 16443 7ff69c7823a3 16434->16443 16435 7ff69c782423 16438 7ff69c78a100 _wfindfirst32i64 8 API calls 16435->16438 16436->16435 16437 7ff69c781ab0 74 API calls 16436->16437 16437->16436 16439 7ff69c782435 16438->16439 16439->16167 16444 7ff69c786080 16439->16444 16443->16436 17105 7ff69c781440 16443->17105 17139 7ff69c781dc0 16443->17139 17194 7ff69c781780 16443->17194 16445 7ff69c786db0 88 API calls 16444->16445 16446 7ff69c78609f 16445->16446 16447 7ff69c786db0 88 API calls 16446->16447 16448 7ff69c7860af 16447->16448 16449 7ff69c796818 38 API calls 16448->16449 16450 7ff69c7860bd __std_exception_copy 16449->16450 16450->16158 16452 7ff69c786140 16451->16452 16453 7ff69c786db0 88 API calls 16452->16453 16454 7ff69c786171 SetConsoleCtrlHandler GetStartupInfoW 16453->16454 16455 7ff69c7861d2 16454->16455 17989 7ff69c7992e4 16455->17989 16499 7ff69c781c6e 16498->16499 16500 7ff69c781b90 78 API calls 16499->16500 16501 7ff69c781c8c 16500->16501 16502 7ff69c781d00 86 API calls 16501->16502 16503 7ff69c781c9b 16502->16503 16503->16167 16505 7ff69c782dec 16504->16505 16506 7ff69c786db0 88 API calls 16505->16506 16507 7ff69c782e17 16506->16507 16508 7ff69c786db0 88 API calls 16507->16508 16509 7ff69c782e2a 16508->16509 18045 7ff69c795538 16509->18045 16512 7ff69c78a100 _wfindfirst32i64 8 API calls 16513 7ff69c78290a 16512->16513 16513->16136 16514 7ff69c786360 16513->16514 16515 7ff69c786384 16514->16515 16516 7ff69c78ec94 73 API calls 16515->16516 16521 7ff69c78645b __std_exception_copy 
16515->16521 16517 7ff69c78639e 16516->16517 16517->16521 18424 7ff69c797a9c 16517->18424 16519 7ff69c78ec94 73 API calls 16522 7ff69c7863b3 16519->16522 16520 7ff69c78e95c _fread_nolock 53 API calls 16520->16522 16521->16139 16522->16519 16522->16520 16522->16521 16524 7ff69c78e63c 16523->16524 18439 7ff69c78e3e8 16524->18439 16526 7ff69c78e655 16526->16136 16528 7ff69c7824b7 16527->16528 16529 7ff69c7824e0 16527->16529 16528->16529 16530 7ff69c781780 86 API calls 16528->16530 16529->16118 16530->16528 16532 7ff69c786e57 MultiByteToWideChar 16531->16532 16533 7ff69c786dd1 MultiByteToWideChar 16531->16533 16536 7ff69c786e7a 16532->16536 16537 7ff69c786e9f 16532->16537 16534 7ff69c786e1c 16533->16534 16535 7ff69c786df7 16533->16535 16534->16532 16542 7ff69c786e32 16534->16542 16538 7ff69c781cb0 86 API calls 16535->16538 16539 7ff69c781cb0 86 API calls 16536->16539 16537->16123 16540 7ff69c786e0a 16538->16540 16541 7ff69c786e8d 16539->16541 16540->16123 16541->16123 16543 7ff69c781cb0 86 API calls 16542->16543 16544 7ff69c786e45 16543->16544 16544->16123 16546 7ff69c784c64 16545->16546 16550 7ff69c784c91 16545->16550 16547 7ff69c784c8c 16546->16547 16548 7ff69c781780 86 API calls 16546->16548 16546->16550 16554 7ff69c784c87 __std_exception_copy memcpy_s 16546->16554 18450 7ff69c7812b0 16547->18450 16548->16546 16550->16554 18476 7ff69c782e60 16550->18476 16552 7ff69c784cf7 16553 7ff69c781c50 86 API calls 16552->16553 16552->16554 16553->16554 16554->16141 16561 7ff69c7847ba memcpy_s 16555->16561 16556 7ff69c7848df 16558 7ff69c782e60 49 API calls 16556->16558 16564 7ff69c784958 16558->16564 16559 7ff69c7848fb 16560 7ff69c781c50 86 API calls 16559->16560 16568 7ff69c7848f1 __std_exception_copy 16560->16568 16561->16556 16561->16559 16561->16561 16562 7ff69c782e60 49 API calls 16561->16562 16563 7ff69c7848c0 16561->16563 16572 7ff69c781440 158 API calls 16561->16572 16573 7ff69c7848e1 16561->16573 18479 7ff69c781650 16561->18479 16562->16561 16563->16556 16566 
7ff69c782e60 49 API calls 16563->16566 16565 7ff69c782e60 49 API calls 16564->16565 16567 7ff69c784988 16565->16567 16566->16556 16571 7ff69c782e60 49 API calls 16567->16571 16569 7ff69c78a100 _wfindfirst32i64 8 API calls 16568->16569 16570 7ff69c782a09 16569->16570 16570->16150 16570->16151 16571->16568 16572->16561 16574 7ff69c781c50 86 API calls 16573->16574 16574->16568 18484 7ff69c786310 16575->18484 16577 7ff69c784742 16578 7ff69c786310 89 API calls 16577->16578 16579 7ff69c784755 16578->16579 16580 7ff69c78477a 16579->16580 16581 7ff69c78476d GetProcAddress 16579->16581 16582 7ff69c781c50 86 API calls 16580->16582 16585 7ff69c7850fc GetProcAddress 16581->16585 16586 7ff69c7850d9 16581->16586 16584 7ff69c784786 16582->16584 16584->16157 16585->16586 16587 7ff69c785121 GetProcAddress 16585->16587 16588 7ff69c781cb0 86 API calls 16586->16588 16587->16586 16589 7ff69c785146 GetProcAddress 16587->16589 16590 7ff69c7850ec 16588->16590 16589->16586 16591 7ff69c78516e GetProcAddress 16589->16591 16590->16157 16591->16586 16592 7ff69c785196 GetProcAddress 16591->16592 16592->16586 16593 7ff69c7851be GetProcAddress 16592->16593 16644 7ff69c784e14 16643->16644 16645 7ff69c781c50 86 API calls 16644->16645 16648 7ff69c782a2a 16644->16648 16648->16135 16650 7ff69c781b55 16649->16650 16651 7ff69c793c80 49 API calls 16650->16651 16652 7ff69c781b78 16651->16652 16652->16156 18488 7ff69c783ac0 16653->18488 16656 7ff69c78231d 16656->16163 16658 7ff69c7822f4 16658->16656 18544 7ff69c783840 16658->18544 16688 7ff69c781d00 16681->16688 16689 7ff69c781d10 16688->16689 16713 7ff69c793c80 16689->16713 16693 7ff69c781d70 16746 7ff69c781b90 16693->16746 16696 7ff69c78a100 _wfindfirst32i64 8 API calls 16697 7ff69c781cd7 GetLastError 16696->16697 16698 7ff69c786670 16697->16698 16699 7ff69c78667c 16698->16699 16700 7ff69c78669d FormatMessageW 16699->16700 16701 7ff69c786697 GetLastError 16699->16701 16702 7ff69c7866ec WideCharToMultiByte 16700->16702 16703 7ff69c7866d0 16700->16703 
16701->16700 16705 7ff69c786726 16702->16705 16707 7ff69c7866e3 16702->16707 16704 7ff69c781cb0 83 API calls 16703->16704 16704->16707 16706 7ff69c781cb0 83 API calls 16705->16706 16706->16707 16708 7ff69c78a100 _wfindfirst32i64 8 API calls 16707->16708 16709 7ff69c781ce4 16708->16709 16710 7ff69c781be0 16709->16710 16711 7ff69c781d00 86 API calls 16710->16711 16712 7ff69c781c02 16711->16712 16712->16373 16716 7ff69c793cda 16713->16716 16714 7ff69c793cff 16715 7ff69c799e44 _invalid_parameter_noinfo 37 API calls 16714->16715 16720 7ff69c793d29 16715->16720 16716->16714 16717 7ff69c793d3b 16716->16717 16750 7ff69c7916c4 16717->16750 16719 7ff69c793e18 16722 7ff69c799f78 __free_lconv_mon 11 API calls 16719->16722 16721 7ff69c78a100 _wfindfirst32i64 8 API calls 16720->16721 16723 7ff69c781d58 16721->16723 16722->16720 16731 7ff69c786bf0 MultiByteToWideChar 16723->16731 16725 7ff69c793e3c 16725->16719 16727 7ff69c793e46 16725->16727 16726 7ff69c793ded 16728 7ff69c799f78 __free_lconv_mon 11 API calls 16726->16728 16730 7ff69c799f78 __free_lconv_mon 11 API calls 16727->16730 16728->16720 16729 7ff69c793de4 16729->16719 16729->16726 16730->16720 16732 7ff69c786c39 16731->16732 16733 7ff69c786c53 16731->16733 16734 7ff69c781cb0 82 API calls 16732->16734 16735 7ff69c786c69 16733->16735 16736 7ff69c786c83 MultiByteToWideChar 16733->16736 16745 7ff69c786c4c __std_exception_copy 16734->16745 16739 7ff69c781cb0 82 API calls 16735->16739 16737 7ff69c786ca6 16736->16737 16738 7ff69c786cc0 WideCharToMultiByte 16736->16738 16740 7ff69c781cb0 82 API calls 16737->16740 16741 7ff69c786cf6 16738->16741 16743 7ff69c786ced 16738->16743 16739->16745 16740->16745 16742 7ff69c786d1b WideCharToMultiByte 16741->16742 16741->16743 16742->16743 16742->16745 16744 7ff69c781cb0 82 API calls 16743->16744 16744->16745 16745->16693 16747 7ff69c781bb6 16746->16747 16966 7ff69c793b5c 16747->16966 16749 7ff69c781bcc 16749->16696 16751 7ff69c791702 16750->16751 16752 7ff69c7916f2 16750->16752 16753 
7ff69c79170b 16751->16753 16758 7ff69c791739 16751->16758 16756 7ff69c799e44 _invalid_parameter_noinfo 37 API calls 16752->16756 16754 7ff69c799e44 _invalid_parameter_noinfo 37 API calls 16753->16754 16755 7ff69c791731 16754->16755 16755->16719 16755->16725 16755->16726 16755->16729 16756->16755 16758->16752 16758->16755 16760 7ff69c7919e8 16758->16760 16764 7ff69c792614 16758->16764 16790 7ff69c791ea4 16758->16790 16820 7ff69c79120c 16758->16820 16823 7ff69c793830 16758->16823 16762 7ff69c799e44 _invalid_parameter_noinfo 37 API calls 16760->16762 16762->16752 16765 7ff69c792656 16764->16765 16766 7ff69c7926c9 16764->16766 16767 7ff69c7926f3 16765->16767 16768 7ff69c79265c 16765->16768 16769 7ff69c7926ce 16766->16769 16770 7ff69c792723 16766->16770 16847 7ff69c790150 16767->16847 16776 7ff69c792661 16768->16776 16779 7ff69c792732 16768->16779 16771 7ff69c7926d0 16769->16771 16772 7ff69c792703 16769->16772 16770->16767 16770->16779 16788 7ff69c79268c 16770->16788 16773 7ff69c792671 16771->16773 16778 7ff69c7926df 16771->16778 16854 7ff69c78fd40 16772->16854 16789 7ff69c792761 16773->16789 16829 7ff69c792f78 16773->16829 16776->16773 16780 7ff69c7926a4 16776->16780 16776->16788 16778->16767 16782 7ff69c7926e4 16778->16782 16779->16789 16861 7ff69c790560 16779->16861 16780->16789 16839 7ff69c793434 16780->16839 16782->16789 16843 7ff69c7935cc 16782->16843 16784 7ff69c78a100 _wfindfirst32i64 8 API calls 16786 7ff69c7929f7 16784->16786 16786->16758 16788->16789 16868 7ff69c79db60 16788->16868 16789->16784 16791 7ff69c791eaf 16790->16791 16792 7ff69c791ec5 16790->16792 16793 7ff69c791f03 16791->16793 16794 7ff69c792656 16791->16794 16795 7ff69c7926c9 16791->16795 16792->16793 16796 7ff69c799e44 _invalid_parameter_noinfo 37 API calls 16792->16796 16793->16758 16797 7ff69c7926f3 16794->16797 16799 7ff69c79265c 16794->16799 16798 7ff69c7926ce 16795->16798 16803 7ff69c792723 16795->16803 16796->16793 16804 7ff69c790150 38 API calls 16797->16804 16800 7ff69c7926d0 
16798->16800 16801 7ff69c792703 16798->16801 16807 7ff69c792732 16799->16807 16808 7ff69c792661 16799->16808 16802 7ff69c792671 16800->16802 16809 7ff69c7926df 16800->16809 16805 7ff69c78fd40 38 API calls 16801->16805 16806 7ff69c792f78 47 API calls 16802->16806 16819 7ff69c792761 16802->16819 16803->16797 16803->16807 16818 7ff69c79268c 16803->16818 16804->16818 16805->16818 16806->16818 16811 7ff69c790560 38 API calls 16807->16811 16807->16819 16808->16802 16810 7ff69c7926a4 16808->16810 16808->16818 16809->16797 16812 7ff69c7926e4 16809->16812 16813 7ff69c793434 47 API calls 16810->16813 16810->16819 16811->16818 16815 7ff69c7935cc 37 API calls 16812->16815 16812->16819 16813->16818 16814 7ff69c78a100 _wfindfirst32i64 8 API calls 16816 7ff69c7929f7 16814->16816 16815->16818 16816->16758 16817 7ff69c79db60 47 API calls 16817->16818 16818->16817 16818->16819 16819->16814 16941 7ff69c78f314 16820->16941 16824 7ff69c793847 16823->16824 16958 7ff69c79ccc0 16824->16958 16830 7ff69c792f9a 16829->16830 16878 7ff69c78f180 16830->16878 16835 7ff69c793830 45 API calls 16837 7ff69c7930d7 16835->16837 16836 7ff69c793830 45 API calls 16838 7ff69c793160 16836->16838 16837->16836 16837->16837 16837->16838 16838->16788 16840 7ff69c79344c 16839->16840 16842 7ff69c7934b4 16839->16842 16841 7ff69c79db60 47 API calls 16840->16841 16840->16842 16841->16842 16842->16788 16846 7ff69c7935ed 16843->16846 16844 7ff69c799e44 _invalid_parameter_noinfo 37 API calls 16845 7ff69c79361e 16844->16845 16845->16788 16846->16844 16846->16845 16848 7ff69c790183 16847->16848 16849 7ff69c7901b2 16848->16849 16851 7ff69c79026f 16848->16851 16850 7ff69c78f180 12 API calls 16849->16850 16853 7ff69c7901ef 16849->16853 16850->16853 16852 7ff69c799e44 _invalid_parameter_noinfo 37 API calls 16851->16852 16852->16853 16853->16788 16856 7ff69c78fd73 16854->16856 16855 7ff69c78fda2 16857 7ff69c78f180 12 API calls 16855->16857 16860 7ff69c78fddf 16855->16860 16856->16855 16858 7ff69c78fe5f 16856->16858 

Control-flow Graph

• Executed
• Not Executed
                                                                                                                      APIs
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A4EE5
                                                                                                                        • Part of subcall function 00007FF69C7A4838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A484C
                                                                                                                        • Part of subcall function 00007FF69C799F78: RtlReleasePrivilege.NTDLL(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F8E
                                                                                                                        • Part of subcall function 00007FF69C799F78: GetLastError.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F98
                                                                                                                        • Part of subcall function 00007FF69C799F30: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF69C799F0F,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C799F39
                                                                                                                        • Part of subcall function 00007FF69C799F30: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF69C799F0F,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C799F5E
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A4ED4
                                                                                                                        • Part of subcall function 00007FF69C7A4898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A48AC
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A514A
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A515B
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A516C
                                                                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69C7A53AC), ref: 00007FF69C7A5193
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLastPresentPrivilegeProcessProcessorReleaseTimeZone
                                                                                                                      • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                                                                      • API String ID: 415722205-986674615
                                                                                                                      • Opcode ID: 8a4b09a4e3b3778e00d65fc404147d88cd969e53c7f440905e6ec2573d948e0b
                                                                                                                      • Instruction ID: 94b2b4dbc2c588013fae559ef3538e055f73162f6f021218e6d176f215c85c32
                                                                                                                      • Opcode Fuzzy Hash: 8a4b09a4e3b3778e00d65fc404147d88cd969e53c7f440905e6ec2573d948e0b
                                                                                                                      • Instruction Fuzzy Hash: A9D1BC22E0864386EB74AF26E8905B96771FF947A4F459076EA0DCBB95DF3CE441C380
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetTempPathW.KERNEL32(?,00000000,?,00007FF69C7858AD), ref: 00007FF69C78597A
                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00007FF69C7858AD), ref: 00007FF69C785980
                                                                                                                        • Part of subcall function 00007FF69C785AF0: GetEnvironmentVariableW.KERNEL32(00007FF69C782817,?,?,?,?,?,?), ref: 00007FF69C785B2A
                                                                                                                        • Part of subcall function 00007FF69C785AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C785B47
                                                                                                                        • Part of subcall function 00007FF69C796818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C796831
                                                                                                                      • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF69C785A31
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                                                                      • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                      • API String ID: 1556224225-1116378104
                                                                                                                      • Opcode ID: c805534fc36cce2f638f5d4b2e31efb0a3bdcbd638384fcea02245f06552b5c8
                                                                                                                      • Instruction ID: d196886341a172073c2c1c236493b01240bb6e7a1a32bf8cb622c584774ccf67
                                                                                                                      • Opcode Fuzzy Hash: c805534fc36cce2f638f5d4b2e31efb0a3bdcbd638384fcea02245f06552b5c8
                                                                                                                      • Instruction Fuzzy Hash: 92518120B0D64350FEB4A722A9D66FA52B1EF85BD0F8440B1EE0ECFB96ED2DE5014710
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1617910340-0
                                                                                                                      • Opcode ID: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                                                                      • Instruction ID: 224d1ec9a288d918637213cfccc396347cc15e4e708dd6438aa8410a037937d3
                                                                                                                      • Opcode Fuzzy Hash: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                                                                      • Instruction Fuzzy Hash: FBC1CF33B28A4286EB60CF69C4916AD3771FB88BA8F010275DE2E9B795DF38D555C300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A514A
                                                                                                                        • Part of subcall function 00007FF69C7A4898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A48AC
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A515B
                                                                                                                        • Part of subcall function 00007FF69C7A4838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A484C
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A516C
                                                                                                                        • Part of subcall function 00007FF69C7A4868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A487C
                                                                                                                        • Part of subcall function 00007FF69C799F78: RtlReleasePrivilege.NTDLL(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F8E
                                                                                                                        • Part of subcall function 00007FF69C799F78: GetLastError.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F98
                                                                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69C7A53AC), ref: 00007FF69C7A5193
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLastPrivilegeReleaseTimeZone
                                                                                                                      • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                                                                                                      • API String ID: 1182710636-986674615
                                                                                                                      • Opcode ID: 745ef94ea7204a2bfbd30c29007a49fe20bc82f24fe0203fc347e73c8b1ad169
                                                                                                                      • Instruction ID: 4c83dacb6ee478b4b08c11c95099450572934786ceb763c1360aeede3d4f3588
                                                                                                                      • Opcode Fuzzy Hash: 745ef94ea7204a2bfbd30c29007a49fe20bc82f24fe0203fc347e73c8b1ad169
                                                                                                                      • Instruction Fuzzy Hash: 10516B32A1864386F774DF22E8915B9A770FB98794F4091B6EA4DCBB96DF3CE4008740
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2295610775-0
                                                                                                                      • Opcode ID: 0b7e5a9930ef76a70c4e782aa580d8521c3892be20b9910ca6b4e20049941746
                                                                                                                      • Instruction ID: 36a4f95510f11c3536891b0ab823b94c135f2c2cde922938197791e2f12c1285
                                                                                                                      • Opcode Fuzzy Hash: 0b7e5a9930ef76a70c4e782aa580d8521c3892be20b9910ca6b4e20049941746
                                                                                                                      • Instruction Fuzzy Hash: EEF0AF32A2868286F7B08F60E498B6A73B0FB84734F004335E66D4A6D4DF3CD5098B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 59578552-0
                                                                                                                      • Opcode ID: 7df629cd6e8306008f9e3eed4a483e0b5c85b3676623f040b2ff8f91b3e11bfb
                                                                                                                      • Instruction ID: 16aedd7f86cc2d39ef9b1134720cb688e286a078edd205e0aa0474e92020e567
                                                                                                                      • Opcode Fuzzy Hash: 7df629cd6e8306008f9e3eed4a483e0b5c85b3676623f040b2ff8f91b3e11bfb
                                                                                                                      • Instruction Fuzzy Hash: DEE0EC60E4E10386FA78776908834BC14B1DF46720F6002F9E21ECE3C2CD5D65925662
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1010374628-0
                                                                                                                      • Opcode ID: 036bb9af6ac8c728884dbc430cc13962f440282e35d529492d92ee50b2a68dd9
                                                                                                                      • Instruction ID: b5f641f5bfc587fcef7e057c4b0a19abef03a9fe08fa59e4fb29dca6d3f13162
                                                                                                                      • Opcode Fuzzy Hash: 036bb9af6ac8c728884dbc430cc13962f440282e35d529492d92ee50b2a68dd9
                                                                                                                      • Instruction Fuzzy Hash: F9029E21B0EA4341FE75AB2294512BD66B5EF46BA0F548AB5ED5FCE3D2DE3DE4018300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                                                                      • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                      • API String ID: 3405171723-4158440160
                                                                                                                      • Opcode ID: a8577f2b0f5138d1e9a61530b02b2def67acde6bae16485aa9c9731d45f8862e
                                                                                                                      • Instruction ID: 8d77f70883bd2c3e4f58d526c591f42f616ec5abfc1601d169aafcb5a81f10ac
                                                                                                                      • Opcode Fuzzy Hash: a8577f2b0f5138d1e9a61530b02b2def67acde6bae16485aa9c9731d45f8862e
                                                                                                                      • Instruction Fuzzy Hash: D6517E72A09A4386EB64CF25D49167837B0FF88BA8B518175DA0DCB399DF3CE540CB40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                      • API String ID: 0-666925554
                                                                                                                      • Opcode ID: 4e0a35826aa6f3fa5dc5f123bf0974ca5c8b06e58b51345989ed84a13a3bc1f2
                                                                                                                      • Instruction ID: 4c94d35def0a009d1faccd2c0276ab7def22e32ed4fac8922470fc154cfa1be8
                                                                                                                      • Opcode Fuzzy Hash: 4e0a35826aa6f3fa5dc5f123bf0974ca5c8b06e58b51345989ed84a13a3bc1f2
                                                                                                                      • Instruction Fuzzy Hash: 18516961B0864382EA309B21E494AB963B0EF85BE4F4545B1DE5DCF6D6EE3CE6458700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                      • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                      • API String ID: 4998090-2855260032
                                                                                                                      • Opcode ID: b20addadb41895b7fa1c15aeef00f11f72797e778cfaf2ff3fb401bf2cfc9c16
                                                                                                                      • Instruction ID: 9900d8a1313bdb661cd84358a3db4f2ca9bd4f79cdbb4d26980f259d1d7c0207
                                                                                                                      • Opcode Fuzzy Hash: b20addadb41895b7fa1c15aeef00f11f72797e778cfaf2ff3fb401bf2cfc9c16
                                                                                                                      • Instruction Fuzzy Hash: D341723161C78392EB609F61E4846AE7371FB84BA4F540271EA5E8BAD5EF3CD549CB00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                      • String ID: CreateProcessW$Error creating child process!
                                                                                                                      • API String ID: 2895956056-3524285272
                                                                                                                      • Opcode ID: d5693698e4819ce5d510509d5cda6c943b390b1bcdb6e918232fd1435297541c
                                                                                                                      • Instruction ID: 3d713bc600958b09d4470e4c85b7c3ca3e2fcb28bfdac1884dc0d2d8e854d9a4
                                                                                                                      • Opcode Fuzzy Hash: d5693698e4819ce5d510509d5cda6c943b390b1bcdb6e918232fd1435297541c
                                                                                                                      • Instruction Fuzzy Hash: D5411F31A08B8391EB309B65E4952AAB3B4FB94370F504775E6AD8BBD5DF7CD1488B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00007FF69C782CD0: GetModuleFileNameW.KERNEL32(?,00007FF69C7827C9,?,?,?,?,?,?), ref: 00007FF69C782D01
                                                                                                                      • SetDllDirectoryW.KERNEL32 ref: 00007FF69C7829D5
                                                                                                                        • Part of subcall function 00007FF69C785AF0: GetEnvironmentVariableW.KERNEL32(00007FF69C782817,?,?,?,?,?,?), ref: 00007FF69C785B2A
                                                                                                                        • Part of subcall function 00007FF69C785AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C785B47
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                      • API String ID: 2344891160-3602715111
                                                                                                                      • Opcode ID: 6b19a1956d89f67b46d1eee0cd4af378636b72933b20719b9954fa989dfa1658
                                                                                                                      • Instruction ID: dccd3f9d12306bb1a1b2d877eb6ed93effe38c9263d7646459d2a6c4723daee0
                                                                                                                      • Opcode Fuzzy Hash: 6b19a1956d89f67b46d1eee0cd4af378636b72933b20719b9954fa989dfa1658
                                                                                                                      • Instruction Fuzzy Hash: BDC16121A1C68351EA74AB2294D1AFD17B1FF84795F4040B2EB4DCF69BEF2CE6058710
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                      • API String ID: 0-1655038675
                                                                                                                      • Opcode ID: aa9e8bd9b65644c4c8f066621b1f0372d9fc841d71ea1d85ecf7a39b1313ebe3
                                                                                                                      • Instruction ID: 821e8b18f56e07cfb33dce1a1626e61310f8f59bef54e17261961ebcf3bc8ab9
                                                                                                                      • Opcode Fuzzy Hash: aa9e8bd9b65644c4c8f066621b1f0372d9fc841d71ea1d85ecf7a39b1313ebe3
                                                                                                                      • Instruction Fuzzy Hash: 2751C022B0968386EA70DB51E890BBA62B0FB857A4F448171DF4DCB795EF3CE545C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • FreeLibrary.KERNEL32(?,00000000,?,00007FF69C79E2CA,?,?,-00000018,00007FF69C79A383,?,?,?,00007FF69C79A27A,?,?,?,00007FF69C7954E2), ref: 00007FF69C79E0AC
                                                                                                                      • GetProcAddress.KERNEL32(?,00000000,?,00007FF69C79E2CA,?,?,-00000018,00007FF69C79A383,?,?,?,00007FF69C79A27A,?,?,?,00007FF69C7954E2), ref: 00007FF69C79E0B8
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                      • Opcode ID: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                                                                      • Instruction ID: ddd2d43c056958e1cfdf3b53fa8c71bbf445876b14765c2153b7eaaa7f031362
                                                                                                                      • Opcode Fuzzy Hash: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                                                                      • Instruction Fuzzy Hash: 7C41B022B1AA1381FA758B1AA8006B623B6FF49BE0F684575DD1DCF784EE3DE4458304
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 608c8a7f5a1533207e340b94d6e73d6f91becddc89d490c6a112c6be2d8fb0b3
                                                                                                                      • Instruction ID: 82f7d6ac986babecf3a28d8c6614c612b2433f3acca0bba6fa0b3d8d3728bba1
                                                                                                                      • Opcode Fuzzy Hash: 608c8a7f5a1533207e340b94d6e73d6f91becddc89d490c6a112c6be2d8fb0b3
                                                                                                                      • Instruction Fuzzy Hash: 48C1E132A0CA8791EB709B1594402BE7BB1FB81BD0F5542B5DA4E8B7D1CF7DE8498701
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF69C79C57B), ref: 00007FF69C79C6AC
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF69C79C57B), ref: 00007FF69C79C737
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 953036326-0
                                                                                                                      • Opcode ID: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                      • Instruction ID: 59cdb746823a71318d7daa37a5addfb5433ed18be56a2a729413a28b3af76ac7
                                                                                                                      • Opcode Fuzzy Hash: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                      • Instruction Fuzzy Hash: 02919F72E1865385FB708F7A94506BD2BB0FB44B98F5441B9DE0EABA85DF38D486C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _get_daylight$_isindst
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4170891091-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2780335769-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279662727-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3058843127-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1703294689-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: FileHandleType
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3000768030-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3548387204-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF69C79A005,?,?,00000000,00007FF69C79A0BA), ref: 00007FF69C79A1F6
                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF69C79A005,?,?,00000000,00007FF69C79A0BA), ref: 00007FF69C79A200
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1687624791-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF69C79B750,00000000,?,?,?,00007FF69C781023,00007FF69C79B859), ref: 00007FF69C79B7B0
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00007FF69C79B750,00000000,?,?,?,00007FF69C781023,00007FF69C79B859), ref: 00007FF69C79B7BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2976181284-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF69C7981E6,?,?,00000000,00007FF69C7986DA,?,?,?,?,00007FF69C7A05A4,?,?,00000000), ref: 00007FF69C7A1C10
                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF69C7981E6,?,?,00000000,00007FF69C7986DA,?,?,?,?,00007FF69C7A05A4,?,?,00000000), ref: 00007FF69C7A1C7A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentStrings$Free
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3328510275-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69C7948F9), ref: 00007FF69C794A17
                                                                                                                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69C7948F9), ref: 00007FF69C794A2D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Time$System$FileLocalSpecific
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1707611234-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69C796965), ref: 00007FF69C796B0B
                                                                                                                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF69C796965), ref: 00007FF69C796B21
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Time$System$FileLocalSpecific
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1707611234-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RtlReleasePrivilege.NTDLL(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F8E
                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F98
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastPrivilegeRelease
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1334314998-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DeleteErrorFileLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2018770650-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DirectoryErrorLastRemove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 377330604-0
                                                                                                                      • Opcode ID: f10b0acbf04ce372ff2bba8e22346aa2cd94a9581c077f1b6ddec38c1268e9e8
                                                                                                                      • Instruction ID: eb9a3b7da182040b8e06a30192daff1ffcd1f223ad4b5ea0a2e2014ac51c58a4
                                                                                                                      • Opcode Fuzzy Hash: f10b0acbf04ce372ff2bba8e22346aa2cd94a9581c077f1b6ddec38c1268e9e8
                                                                                                                      • Instruction Fuzzy Hash: 3CD0CA10E2D50382EAB427B218468BA10B0AF887B0F5007B4C42AC92E0EE2CE6990A01
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide_findclose
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2772937645-0
                                                                                                                      • Opcode ID: 181f2765e85eb4e7ebd6c50f12fb6341e80b998725aa5779b2beb13a577095ea
                                                                                                                      • Instruction ID: 520b81e72f6339696a58c4f5e13cbe98861c01e1b9b8eafaf14e700ae21fa379
                                                                                                                      • Opcode Fuzzy Hash: 181f2765e85eb4e7ebd6c50f12fb6341e80b998725aa5779b2beb13a577095ea
                                                                                                                      • Instruction Fuzzy Hash: 12719F52E18AC681EB21CB2CC5452FD6370F7A9B4CF54E325DB9C56592EF28E2D9C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 3cb10c43647639a768565940e1ce5c449de1869fbc1a92892aa118bde093882e
                                                                                                                      • Instruction ID: 6ac459f898f31ba28a16c4a163367f3b276ca90eee18052156fe32bcdafe8981
                                                                                                                      • Opcode Fuzzy Hash: 3cb10c43647639a768565940e1ce5c449de1869fbc1a92892aa118bde093882e
                                                                                                                      • Instruction Fuzzy Hash: 4D41CF3290864387FA34CB19A54127973B1EB56B90F140175DA8ECB7D5DF2CE402C751
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: _fread_nolock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 840049012-0
                                                                                                                      • Opcode ID: c5b8a749951dd11599b57e68424ac9fc2a1e9001941f98bc707ba8da285eeb53
                                                                                                                      • Instruction ID: 3f16642c7eaa28435b0ec8cf981e1bc6e5da30afc51b50c35b9c1a2b6edca2b1
                                                                                                                      • Opcode Fuzzy Hash: c5b8a749951dd11599b57e68424ac9fc2a1e9001941f98bc707ba8da285eeb53
                                                                                                                      • Instruction Fuzzy Hash: 22219121B0869356FE249B126984BBEA661FF45BD4F884470EF1D8F786DF7CE145C204
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 215bf1b77ccde561eed8eea60c34a1d65fc1379a1c4c4c23abd8e86c97fd8e23
                                                                                                                      • Instruction ID: a94c71545854c68a040015735cd57e5caeb0db96e116776c1f4964a5233ba451
                                                                                                                      • Opcode Fuzzy Hash: 215bf1b77ccde561eed8eea60c34a1d65fc1379a1c4c4c23abd8e86c97fd8e23
                                                                                                                      • Instruction Fuzzy Hash: BD31B362E18A0385F771AB59888237C3670EF40BA4F4102B5E91E8F3D2DF7DE9468721
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3947729631-0
                                                                                                                      • Opcode ID: 7474e071a48ef7130f5acd4d7b35ddfbaeb0d66e7037ac086cf5d56d8c80b409
                                                                                                                      • Instruction ID: da286fac549de87f519e75b109a902cca3a68b314863ef092060162ec2d308e9
                                                                                                                      • Opcode Fuzzy Hash: 7474e071a48ef7130f5acd4d7b35ddfbaeb0d66e7037ac086cf5d56d8c80b409
                                                                                                                      • Instruction Fuzzy Hash: CA218C72A087078AEB349F64C4442FC3BB0EB44728F08567AD66D8AAC5DF38D584CB81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                                                                      • Instruction ID: c1267f9eebd40298a48cf2c00a48b15e95007572602a6086aa59a15a49852321
                                                                                                                      • Opcode Fuzzy Hash: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                                                                      • Instruction Fuzzy Hash: 5911B421A1C65381EAF09F51940127DA2B0FF85B80F4846B1EB8CDFB96CF7DE8015740
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF69C79AA16,?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E), ref: 00007FF69C79DF0D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,?,00007FF69C78F1E4,?,?,?,00007FF69C7906F6,?,?,?,?,?,00007FF69C79275D), ref: 00007FF69C79CC6A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalDeleteSection
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 166494926-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: DirectoryErrorLastRemove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 377330604-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782F36
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782F75
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782F9A
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782FBF
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782FE7
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C78300F
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C783037
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C78305F
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C783087
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc
                                                                                                                      • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                      • API String ID: 190572456-3109299426
                                                                                                                      • Opcode ID: 3d8788b48c699204fb620db4b6681a167f3e5177f9efbc96361098fa63709e71
                                                                                                                      • Instruction ID: 812d85f795bf98af3192a6102106c999bc46628bc88f04f8d4020d2389525e95
                                                                                                                      • Opcode Fuzzy Hash: 3d8788b48c699204fb620db4b6681a167f3e5177f9efbc96361098fa63709e71
                                                                                                                      • Instruction Fuzzy Hash: 61429964A0EB0391FB759B19A89057523B1EF987A1F8451B5C94E8E3A8FFBCF548D300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                      • API String ID: 808467561-2761157908
                                                                                                                      • Opcode ID: 94a7ddbc9dfde8fb095d9bbce1265888f255539b2e0e0fd568165e141f3b5970
                                                                                                                      • Instruction ID: 0815fdf29cadba947432bede1df20a5d5b9870d47ea065aacb0c4fa8ba6e2cb7
                                                                                                                      • Opcode Fuzzy Hash: 94a7ddbc9dfde8fb095d9bbce1265888f255539b2e0e0fd568165e141f3b5970
                                                                                                                      • Instruction Fuzzy Hash: 97B2C172A182838BE7758F69D440BFD77B1FB98398F505175DA0D9BA84DF38EA008B50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(WideCharToMultiByte,00007FF69C781CE4,?,?,00000000,00007FF69C786904), ref: 00007FF69C786697
                                                                                                                      • FormatMessageW.KERNEL32 ref: 00007FF69C7866C6
                                                                                                                      • WideCharToMultiByte.KERNEL32 ref: 00007FF69C78671C
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                      • API String ID: 2383786077-2573406579
                                                                                                                      • Opcode ID: ee4750cad08e904e569e44cd6da303e01fcfffc44399732fd87d74f29f2688a4
                                                                                                                      • Instruction ID: 18b264645dd52d94773c5ad3a2bc2e2a7a92fdee265db8bb7fd4f4d4a40c4e20
                                                                                                                      • Opcode Fuzzy Hash: ee4750cad08e904e569e44cd6da303e01fcfffc44399732fd87d74f29f2688a4
                                                                                                                      • Instruction Fuzzy Hash: E1218331A0CA43A2FB709B15E89467623B5FF88394F840175E64DCA6A4EF3CD149C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3140674995-0
                                                                                                                      • Opcode ID: 414c3b7d1a52ef3ba5408d69683659119c26abb58edcf35ad0cee906abb0d3fb
                                                                                                                      • Instruction ID: dd58bc1270c9152811ac3a304d3db1bc54cc28a3ce67e3fa7f7a7bef6b996a07
                                                                                                                      • Opcode Fuzzy Hash: 414c3b7d1a52ef3ba5408d69683659119c26abb58edcf35ad0cee906abb0d3fb
                                                                                                                      • Instruction Fuzzy Hash: 43315E72609A8296EB709F60E8807ED7375FB84754F444039DB4E8BA94DF3CD648CB10
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1239891234-0
                                                                                                                      • Opcode ID: 5dfb057c3f1a11160ff10646ccc1b52b02cf652cbed9a545e94d4dbf2c44da7d
                                                                                                                      • Instruction ID: 141f4c855ec25e7530ae5a224d50e46508b5110c23623da87ba9947fa8bd2146
                                                                                                                      • Opcode Fuzzy Hash: 5dfb057c3f1a11160ff10646ccc1b52b02cf652cbed9a545e94d4dbf2c44da7d
                                                                                                                      • Instruction Fuzzy Hash: EB314132618B8296E770CF25E8806AE73B4FB847A4F540175EA9D87B54DF3CD655CB00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2227656907-0
                                                                                                                      • Opcode ID: ced153bd746da3696451066ca553fc750e98195ae426049d21287c39b66479d4
                                                                                                                      • Instruction ID: 527aff6bc488555b264279ba9a4ceb253eb778ea64495abcc813af2fd8193e8b
                                                                                                                      • Opcode Fuzzy Hash: ced153bd746da3696451066ca553fc750e98195ae426049d21287c39b66479d4
                                                                                                                      • Instruction Fuzzy Hash: 4BB1A222B1869381EB719B2599016B9A3B1EB84BF4F845971EA5F8FBC5DE3CE441C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: memcpy_s
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1502251526-0
                                                                                                                      • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                      • Instruction ID: 9ae85177d94e30c32b2d265b8831f1abd247fcf630e5505b97124b48fb75ea10
                                                                                                                      • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                      • Instruction Fuzzy Hash: 74C1E272B1868687EB34CF5AA14466AB7A1F7C8B94F449135DB4E8B784DF3DE801CB40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionRaise_clrfp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 15204871-0
                                                                                                                      • Opcode ID: ce95b3d84f14f29cd4e01f3d624d654ffebb0793079cdf733c9da6505e2ad06c
                                                                                                                      • Instruction ID: f5475c2de46dedebef232a9d3fbc01ef994a4f40469f9a0004293f7681c79eb1
                                                                                                                      • Opcode Fuzzy Hash: ce95b3d84f14f29cd4e01f3d624d654ffebb0793079cdf733c9da6505e2ad06c
                                                                                                                      • Instruction Fuzzy Hash: 50B14C73A04B8A8BEB25CF29C8463687BB0F784B58F588965DB5D8B7A4CF39D451C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $
                                                                                                                      • API String ID: 0-227171996
                                                                                                                      • Opcode ID: 12f3629fc0db3b94ce06ee7fe38b00bcc3d57b8cb20d1c91e47922b02d0d68b8
                                                                                                                      • Instruction ID: cf20bdde9b00159dab466b410005fb6dae61e2c465f1a8150db89ceb3bd9b1a4
                                                                                                                      • Opcode Fuzzy Hash: 12f3629fc0db3b94ce06ee7fe38b00bcc3d57b8cb20d1c91e47922b02d0d68b8
                                                                                                                      • Instruction Fuzzy Hash: 1AE19F32A0864782EB7CAF29805057973B0FF46B58F245275DE4E8B7A6DF39E852C740
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: e+000$gfff
                                                                                                                      • API String ID: 0-3030954782
                                                                                                                      • Opcode ID: 7f3e0c3824b7b5cf876389fd48d0d53d421d0873473af5a4edca9f3cc5d4c2f0
                                                                                                                      • Instruction ID: 74893b49f54a108ddc362310515ad92142f0a326da6f6a5c5e2f063a237cecb6
                                                                                                                      • Opcode Fuzzy Hash: 7f3e0c3824b7b5cf876389fd48d0d53d421d0873473af5a4edca9f3cc5d4c2f0
                                                                                                                      • Instruction Fuzzy Hash: 1A515422B186C686F7348F35A801769BBA1E754B94F08C2B1CBAC8FBC5CE3DE4408701
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: gfffffff
                                                                                                                      • API String ID: 0-1523873471
                                                                                                                      • Opcode ID: 7cb6c3f32e91a926ccbf64ab8ba01f2a38c928c6639247976dccb01524fe6e1b
                                                                                                                      • Instruction ID: 77aedce48882875e91fc318e84e42ab1f11c85373a06ce8256fd702135b06fe5
                                                                                                                      • Opcode Fuzzy Hash: 7cb6c3f32e91a926ccbf64ab8ba01f2a38c928c6639247976dccb01524fe6e1b
                                                                                                                      • Instruction Fuzzy Hash: 6FA13563A0878646EF31CF29A0507A9BBA5EB64B84F048172DA4E8B785DE3DD506C701
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID: TMP
                                                                                                                      • API String ID: 3215553584-3125297090
                                                                                                                      • Opcode ID: 3a73e6dc2668fe775a8e7a753988208328cb32df439470867ce9a295c9724654
                                                                                                                      • Instruction ID: ad3d652806ca248a76d46a87209ab7b59c420802c5e418217d7ff5ec77022f29
                                                                                                                      • Opcode Fuzzy Hash: 3a73e6dc2668fe775a8e7a753988208328cb32df439470867ce9a295c9724654
                                                                                                                      • Instruction Fuzzy Hash: 6251A011F1864362FA74AB36592117E52B1EF95BD4F5884B5EE0ECF7D6EE3CE4424200
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: HeapProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 54951025-0
                                                                                                                      • Opcode ID: 5644672d7aec8b178d5bd48a95ace976e45fdc56d1edf0a539dccc581205543b
                                                                                                                      • Instruction ID: 156c470b3f5fe5537ff60c2818418977a439a938913cfd95a5f1cbe44a4fe74d
                                                                                                                      • Opcode Fuzzy Hash: 5644672d7aec8b178d5bd48a95ace976e45fdc56d1edf0a539dccc581205543b
                                                                                                                      • Instruction Fuzzy Hash: 95B09220E07B03C2EE282B21AC8262422B4FFA8B20F8940B8C00C84320DF2C61AA5B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 7d7d821e27f440e8d5d3622ff09e7c05bc36f3fd6b9038f787498be69d76432a
                                                                                                                      • Instruction ID: 65b088b1ad14837cd27a5b660dee711d99c3d86229ad46e61134e179100ce1cf
                                                                                                                      • Opcode Fuzzy Hash: 7d7d821e27f440e8d5d3622ff09e7c05bc36f3fd6b9038f787498be69d76432a
                                                                                                                      • Instruction Fuzzy Hash: 22E1BF72A0864386EB7CAB28C55437C27B1EB45B58F1582B5CE1D8E7EACF39E841C741
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c2f3b43ccd68eb767627d2655b116bae7479589a7f74a5058ab0c91b2e39ac12
                                                                                                                      • Instruction ID: de77ec544e154364115e2091241ee7ef5a9b3a779c86b22db179cea210bd7819
                                                                                                                      • Opcode Fuzzy Hash: c2f3b43ccd68eb767627d2655b116bae7479589a7f74a5058ab0c91b2e39ac12
                                                                                                                      • Instruction Fuzzy Hash: 48D1D026A0864386EB7CAF29845067D27B0FB05B58F2442B5CE0DABBD6CF3DE845C740
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b723f182358e09e7314f6f73ac964ac7abcdc7414507ad18988289416ad7b41b
                                                                                                                      • Instruction ID: 1fda8b0ca55d1e1f4316c35d3215cb17f1839147586cc93df8246485063f189a
                                                                                                                      • Opcode Fuzzy Hash: b723f182358e09e7314f6f73ac964ac7abcdc7414507ad18988289416ad7b41b
                                                                                                                      • Instruction Fuzzy Hash: F6C1E5732241E04BE699EB29F46987A37E2F788309FD9403AEB8747785CA3DE414D750
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6c5c392cbfffe41992f0743bc4a0c2c3fe46246456b6811ff0c5dafdd99ec142
                                                                                                                      • Instruction ID: 44b6f06e7ceb25b5a1c3612752b6d2e422543f3167dba6763e7004b4071209f6
                                                                                                                      • Opcode Fuzzy Hash: 6c5c392cbfffe41992f0743bc4a0c2c3fe46246456b6811ff0c5dafdd99ec142
                                                                                                                      • Instruction Fuzzy Hash: A0B18D76A0864786EB748F39C05027D3BB4EB49B48F1951B5CA8ECB399CF39E860C751
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 85060b88648c64536cd03416e20448513b0a4375a109c0566769b76d71526d0c
                                                                                                                      • Instruction ID: 92144a9a1c9e251605022adf549f12c42e90a1e61ac87a763a0a255c4c39c41d
                                                                                                                      • Opcode Fuzzy Hash: 85060b88648c64536cd03416e20448513b0a4375a109c0566769b76d71526d0c
                                                                                                                      • Instruction Fuzzy Hash: 51B18C72A08B8686E7758F3AC05027C3BB4FB49B58F2801B5CA4E8B395CF39D861D745
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 59ad0bfc87d4107bda453f5e7c9a116e1e97c6e992cf3a610b4e267b4cffcaca
                                                                                                                      • Instruction ID: 0899058e77ea7c9aff10a6d2964d6109d254218a50a396e94407e3df736af898
                                                                                                                      • Opcode Fuzzy Hash: 59ad0bfc87d4107bda453f5e7c9a116e1e97c6e992cf3a610b4e267b4cffcaca
                                                                                                                      • Instruction Fuzzy Hash: 6181E472A0C78286FB74CB299440379BAB1FB567D4F544275DA9D8BB99DF3DD4008B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 8dfee0b8021c5070d705f5e50186fe905afbb1e28c839da737e773f9c2d0648d
                                                                                                                      • Instruction ID: 910eb9f325deff6ff2a52da8e8fbe602297838e8ab006988cef4b8114521254f
                                                                                                                      • Opcode Fuzzy Hash: 8dfee0b8021c5070d705f5e50186fe905afbb1e28c839da737e773f9c2d0648d
                                                                                                                      • Instruction Fuzzy Hash: 1561C922F1CA9346F7B48A29849077D6AA1FFC0770F5842B9DA5ECE6C5DE7DE8448700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9a7d583fdacf7a8c68166448a21aae8e03012e85621840fd7aae1b2904462282
                                                                                                                      • Instruction ID: 6f0e2d8be0a12928f14ebdf3972eca7a79e6fc962183e4fb2a67635e3eac6f5c
                                                                                                                      • Opcode Fuzzy Hash: 9a7d583fdacf7a8c68166448a21aae8e03012e85621840fd7aae1b2904462282
                                                                                                                      • Instruction Fuzzy Hash: 12516236A28A5286E7348B29C04463C37B0EB49B68F644571DE4D9B794DF3AE853C740
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e009b45869f76b4bc0fd62373217406c0429eee7efa8b33e1f678da67ddd1256
                                                                                                                      • Instruction ID: 341d0184c9933f8ce1a4031755a13e1e03e9cd070a02288bc8ecf6bac6211838
                                                                                                                      • Opcode Fuzzy Hash: e009b45869f76b4bc0fd62373217406c0429eee7efa8b33e1f678da67ddd1256
                                                                                                                      • Instruction Fuzzy Hash: 86516476A2965386EB348B29C04463D37B0EB59F68F644171CE4D9B795CF3AE843CB80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastPrivilegeRelease
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1334314998-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                      • API String ID: 2238633743-1453502826
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF69C786C2C
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharErrorLastMultiWide
                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                                                                      • API String ID: 203985260-1562484376
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID: f$f$p$p$f
                                                                                                                      • API String ID: 3215553584-1325933183
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                      • API String ID: 0-3659356012
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                      • String ID: csm$csm$csm
                                                                                                                      • API String ID: 849930591-393685449
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C78685F
                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C7868AF
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                      • API String ID: 626452242-27947307
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF69C782D35,?,?,?,?,?,?), ref: 00007FF69C786F01
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF69C782D35,?,?,?,?,?,?), ref: 00007FF69C786F75
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                      • API String ID: 1717984340-27947307
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID: f$p$p
                                                                                                                      • API String ID: 3215553584-1995029353
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                      • API String ID: 626452242-876015163
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00007FF69C786DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C786DEA
                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF69C78592F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF69C78563F
                                                                                                                      Strings
                                                                                                                      • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF69C78569A
                                                                                                                      • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF69C785653
                                                                                                                      • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF69C785616
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                      • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                      • API String ID: 2001182103-3498232454
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C2CD
                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C2DB
                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C305
                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C34B
                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C357
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                      • String ID: api-ms-
                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C786DEA
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C786E70
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                      • API String ID: 1717984340-876015163
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A78F
                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A7A4
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A7C5
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A7F2
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A803
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A814
                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A82F
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2506987500-0
                                                                                                                      • Opcode ID: 69b8ad2768efc01d88fd7f8132853dff404c26667984aa111fd74584065afc1c
                                                                                                                      • Instruction ID: 945c0c4ba0a8070e4c1519bec8a0d23a0843dad74a1f7d14b573633526b7094f
                                                                                                                      • Opcode Fuzzy Hash: 69b8ad2768efc01d88fd7f8132853dff404c26667984aa111fd74584065afc1c
                                                                                                                      • Instruction Fuzzy Hash: 73214928E0A64342FA79A372554257A62B2DF447F0F1447B4E93ECFBCADE2CA5424601
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                      • String ID: CONOUT$
                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                      • Opcode ID: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                                                                      • Instruction ID: 8105b47e434e6fdb60564a30745cad324afa14decacf60b70fa986c83ac4cbcd
                                                                                                                      • Opcode Fuzzy Hash: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                                                                      • Instruction Fuzzy Hash: DB116D22B18A4386F7608B52E85432A63B5FBD8BF4F044274EA5ECB794DF7CD9048B40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A907
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A93D
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A96A
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A97B
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A98C
                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A9A7
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2506987500-0
                                                                                                                      • Opcode ID: 9b225a077f4281318a7ef705813386e144cc6119260bee2e0aedcf55e065e7dc
                                                                                                                      • Instruction ID: 713c2e6ddee4a4ef0360ffd0b782da6083df769e1edc38ac99886e0f12bfc99e
                                                                                                                      • Opcode Fuzzy Hash: 9b225a077f4281318a7ef705813386e144cc6119260bee2e0aedcf55e065e7dc
                                                                                                                      • Instruction Fuzzy Hash: 0311A928B0E60342FA74A322958113E66B2EF857F0F1587B4E86ECF7DADE2CE5404201
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                      • String ID: csm$f
                                                                                                                      • API String ID: 2395640692-629598281
                                                                                                                      • Opcode ID: e4cc0f9b1589dd73a5d4f416534ce71b9b3e94dd2aede877d85d93aa73312820
                                                                                                                      • Instruction ID: 62379d6ededb6ceabdd41a0ae9d44b20d92b405c4e54963a93525878d07127d6
                                                                                                                      • Opcode Fuzzy Hash: e4cc0f9b1589dd73a5d4f416534ce71b9b3e94dd2aede877d85d93aa73312820
                                                                                                                      • Instruction Fuzzy Hash: C351A132A196039AEB34CF15E884E7937B5FB44B88F5481B0DB5E8B788DF38E8418710
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                      • Opcode ID: 78a1a69aac29132cf000f84d0d5f993c26bceca4d1e4e1c3cfa2e89eec15c9a9
                                                                                                                      • Instruction ID: a7e096e0638b4bdddda5ab292ba089c14d9e4a3198cec82ed530b6cab724512f
                                                                                                                      • Opcode Fuzzy Hash: 78a1a69aac29132cf000f84d0d5f993c26bceca4d1e4e1c3cfa2e89eec15c9a9
                                                                                                                      • Instruction Fuzzy Hash: 5AF06D21A09B0382EB308B25E84437A6370FF897B1F544679CA6E8D2E4DF2DD588C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: _set_statfp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1156100317-0
                                                                                                                      • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                      • Instruction ID: cf4ced90179fe206244ecb4af485f2d745637c581cb7d84b39cfa55a9ee04594
                                                                                                                      • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                      • Instruction Fuzzy Hash: 5E114F36E68A1307F77C112AD8453755571EFD83B4E8906B8E96ECE6DBCE2CE8414101
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79A9DF
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79A9FE
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79AA26
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79AA37
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79AA48
                                                                                                                      Similarity
                                                                                                                      • API ID: Value
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3702945584-0
                                                                                                                      • Opcode ID: 7e9f7daeefede5d6cf057412dd821cf39c29068a7a1c9ec5056b211d60d8f6b4
                                                                                                                      • Instruction ID: 305f24f514f4a299c2e7c2ff7f27e1bdd410e8d330957ab3a72e3a1861d191f2
                                                                                                                      • Opcode Fuzzy Hash: 7e9f7daeefede5d6cf057412dd821cf39c29068a7a1c9ec5056b211d60d8f6b4
                                                                                                                      • Instruction Fuzzy Hash: C2115124F09A0342FA7853655681179A272EF547F0F1493B4E83ECF7DADE2CF9414601
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A865
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A884
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A8AC
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A8BD
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A8CE
                                                                                                                      Similarity
                                                                                                                      • API ID: Value
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3702945584-0
                                                                                                                      • Opcode ID: beb9e1a05ea758e4ab17276de5b2837cba649d003c822ebdac11e23849688a82
                                                                                                                      • Instruction ID: dca853f33e46c2f1767b836e95d25298c5897d84791c604454bd6a15bb8f95d5
                                                                                                                      • Opcode Fuzzy Hash: beb9e1a05ea758e4ab17276de5b2837cba649d003c822ebdac11e23849688a82
                                                                                                                      • Instruction Fuzzy Hash: 42111B28F0A60741F9B96376445297A1272CF553B0F2847B4E93ECE3D6EE2CB5434242
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                      • API String ID: 3215553584-1196891531
                                                                                                                      • Opcode ID: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                                                                      • Instruction ID: f83ea21ae3553c48e6fb6f3936923fe905c08252f41daf9b75fedac02ccb37ab
                                                                                                                      • Opcode Fuzzy Hash: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                                                                      • Instruction Fuzzy Hash: 82816B72E08A0389FBB48F29C15127C26B0EB11B88F5588B6DA0DDF695DF3DE9419705
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                      • String ID: MOC$RCC
                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                      • Opcode ID: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                                                                      • Instruction ID: 0a43572af28a39332c3394b6bf140601081d59775eb1873446e3fe2844cacbfc
                                                                                                                      • Opcode Fuzzy Hash: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                                                                      • Instruction Fuzzy Hash: C0615A32A08A468AE720CF65E4807AD77B0FB54B8CF144266EF4D5BB99DF38E555C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                      • String ID: csm$csm
                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                      • Opcode ID: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                                                                      • Instruction ID: 775cd94c1199a2eebdf8c4f1b18ba06e30e2c7315be025dd9e30e1e7f40163f2
                                                                                                                      • Opcode Fuzzy Hash: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                                                                      • Instruction Fuzzy Hash: ED517E329086838BFB748B169588B687BB1FB65B94F1441B6DB9CCBA95CF3CE450C701
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF69C7827C9,?,?,?,?,?,?), ref: 00007FF69C782D01
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFileLastModuleName
                                                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                      • API String ID: 2776309574-1977442011
                                                                                                                      • Opcode ID: 7987a5ce4ff3c8cba7d8c38c60f2d05ca27952d1a3ea66f3204455115dc1ef10
                                                                                                                      • Instruction ID: f28c9059042fa1a9d6186a5a71bb76328b74b9f945189be5c96326d450e6c853
                                                                                                                      • Opcode Fuzzy Hash: 7987a5ce4ff3c8cba7d8c38c60f2d05ca27952d1a3ea66f3204455115dc1ef10
                                                                                                                      • Instruction Fuzzy Hash: C1016761F1C64391FB719720D8967B51271EF587D5F4000B2DA4DCE696EE1CE3448B10
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2718003287-0
                                                                                                                      • Opcode ID: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                                                                      • Instruction ID: 51a4103cf263da92c7f758f83134d3bcc0b6961bc0a408c4ecfcdc82875dc75d
                                                                                                                      • Opcode Fuzzy Hash: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                                                                      • Instruction Fuzzy Hash: D1D1EF72B18A8289EB20CF69D4402AC37B5FB54BD8F104276DE5E9BBD9DE38D416C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                      • String ID: ?
                                                                                                                      • API String ID: 1286766494-1684325040
                                                                                                                      • Opcode ID: 55fd0cbe43bf2f4ac276119a4e0ada4332cbc82fa1edef180c984322427ce63b
                                                                                                                      • Instruction ID: 1b617bb377a2dc3fff536e46d37011f2a9a313a99b368312aa738e08aa9ec96b
                                                                                                                      • Opcode Fuzzy Hash: 55fd0cbe43bf2f4ac276119a4e0ada4332cbc82fa1edef180c984322427ce63b
                                                                                                                      • Instruction Fuzzy Hash: 91412222A0C28342FB758B26E40137AA674EBC0BB4F149275EE5C8BAD9DF3DD441C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C798002
                                                                                                                        • Part of subcall function 00007FF69C799F78: RtlReleasePrivilege.NTDLL(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F8E
                                                                                                                        • Part of subcall function 00007FF69C799F78: GetLastError.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F98
                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF69C78A485), ref: 00007FF69C798020
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.898214735.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.898206735.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898225631.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898235134.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.898249058.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFileLastModuleNamePrivilegeRelease_invalid_parameter_noinfo
                                                                                                                      • String ID: C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                      • API String ID: 1752791759-2036403294
                                                                                                                      • Opcode ID: 87397ab4d942c93eb7ecf5272dbc7224ab3e9c0a5ace0b49458789d652eb9e0d
                                                                                                                      • Instruction ID: 0e3a8ad85c4a4e9380b5d05808d319c8a59c0cd83370ab0029a33f79cec702ca
                                                                                                                      • Opcode Fuzzy Hash: 87397ab4d942c93eb7ecf5272dbc7224ab3e9c0a5ace0b49458789d652eb9e0d
                                                                                                                      • Instruction Fuzzy Hash: 4B415932A48B1386EB24DF25D8810BD67B5EB44BD4F54407AEA4E8BB95DF3DE4918340
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                      • String ID: U
                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                      • Opcode ID: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                                                                      • Instruction ID: fc404df42f8aa4813edb3bb89244fb06482bb987749903460aeb9807dda4e120
                                                                                                                      • Opcode Fuzzy Hash: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                                                                      • Instruction Fuzzy Hash: 7A41A222A18A8285EB20CF65E8443AA77B0FB987D4F844031EE4DCB798EF7CD541C741
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentDirectory
                                                                                                                      • String ID: :
                                                                                                                      • API String ID: 1611563598-336475711
                                                                                                                      • Opcode ID: 299dd2601fabda0eaedb6d74bbca1af16fe573635883c06f79dbd5a665f7b651
                                                                                                                      • Instruction ID: 1c2e76ce0d84e6c21405d13e9122dd3a0f837545243a7cece0117e8def877de5
                                                                                                                      • Opcode Fuzzy Hash: 299dd2601fabda0eaedb6d74bbca1af16fe573635883c06f79dbd5a665f7b651
                                                                                                                      • Instruction Fuzzy Hash: 3621BF72B0868381FB349B15D44426D73B2FB84B84F958075DA8D8B285DF7DE945CB41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                      • String ID: csm
                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                      • Opcode ID: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                                                                      • Instruction ID: ae6b4de2b42d77a45cfe86a374d12460a18f4dd408a0674d8c4d58f0bc0f1dd4
                                                                                                                      • Opcode Fuzzy Hash: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                                                                      • Instruction Fuzzy Hash: B5111C36618B4682EB618F15F84026977B5FB88BD4F188271EF8D4BB68DF3CD9518B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Similarity
                                                                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                      • String ID: :
                                                                                                                      • API String ID: 2595371189-336475711
                                                                                                                      • Opcode ID: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                                                                      • Instruction ID: f4c1ec7cd04149ecc51985763bb67ae95f34708ef87abd5384c29ad01c512c73
                                                                                                                      • Opcode Fuzzy Hash: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                                                                      • Instruction Fuzzy Hash: 37012172A1CA0386F730AF2494A227E23B0EF44748F80057AD64DCB281DF3CE644CB10
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:3.2%
                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:893
                                                                                                                      Total number of Limit Nodes:20
7ff69c781c50 86 API calls 53178->53179 53184 7ff69c782553 53179->53184 53182 7ff69c781c50 86 API calls 53180->53182 53181 7ff69c78a100 _wfindfirst32i64 8 API calls 53183 7ff69c7826ea 53181->53183 53182->53184 53183->52898 53184->53181 53187 7ff69c781b30 49 API calls 53187->53192 53188 7ff69c78273f 53189 7ff69c781c50 86 API calls 53188->53189 53189->53184 53190 7ff69c782719 53191 7ff69c781c50 86 API calls 53190->53191 53191->53184 53192->53184 53192->53187 53192->53188 53192->53190 53193 7ff69c7826f6 53192->53193 53425 7ff69c7812b0 53192->53425 53451 7ff69c781780 86 API calls 53192->53451 53194 7ff69c781c50 86 API calls 53193->53194 53194->53184 53197 7ff69c7823e4 53195->53197 53204 7ff69c7823a3 53195->53204 53196 7ff69c782423 53199 7ff69c78a100 _wfindfirst32i64 8 API calls 53196->53199 53197->53196 53591 7ff69c781ab0 74 API calls __vcrt_freefls 53197->53591 53200 7ff69c782435 53199->53200 53200->52903 53254 7ff69c786080 88 API calls __vcrt_freefls 53200->53254 53204->53197 53535 7ff69c781dc0 53204->53535 53590 7ff69c781440 158 API calls 2 library calls 53204->53590 53592 7ff69c781780 86 API calls 53204->53592 53206 7ff69c781c6e 53205->53206 53687 7ff69c781b90 53206->53687 53212 7ff69c78a109 53211->53212 53213 7ff69c7828de 53212->53213 53214 7ff69c78a1c0 IsProcessorFeaturePresent 53212->53214 53213->52913 53215 7ff69c78a1d8 53214->53215 53736 7ff69c78a3b4 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 53215->53736 53217 7ff69c78a1eb 53737 7ff69c78a180 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 53217->53737 53221 7ff69c782dec 53220->53221 53222 7ff69c786db0 88 API calls 53221->53222 53223 7ff69c782e17 53222->53223 53224 7ff69c786db0 88 API calls 53223->53224 53225 7ff69c782e2a 53224->53225 53738 7ff69c795538 53225->53738 53228 7ff69c78a100 _wfindfirst32i64 8 API calls 53229 7ff69c78290a 53228->53229 53229->52871 53230 7ff69c786360 53229->53230 53231 7ff69c786384 53230->53231 53232 7ff69c78645b __vcrt_freefls 
53231->53232 53233 7ff69c78ec94 73 API calls 53231->53233 53232->52876 53234 7ff69c78639e 53233->53234 53234->53232 53906 7ff69c797a9c 53234->53906 53236 7ff69c7863b3 53236->53232 53237 7ff69c78ec94 73 API calls 53236->53237 53238 7ff69c78e95c _fread_nolock 53 API calls 53236->53238 53237->53236 53238->53236 53240 7ff69c78e63c 53239->53240 53922 7ff69c78e3e8 53240->53922 53242 7ff69c78e655 53242->52871 53243->52852 53244->52875 53245->52882 53246->52892 53247->52900 53248->52870 53250 7ff69c781b55 53249->53250 53251 7ff69c793c80 49 API calls 53250->53251 53252 7ff69c781b78 53251->53252 53252->52891 53253->52903 53254->52893 53255->52905 53256->52908 53257->52907 53258->52911 53259->53092 53260->53099 53261->53099 53262->53102 53264 7ff69c782cdc GetModuleFileNameW 53263->53264 53264->53107 53264->53108 53265->53112 53266->53111 53267->53128 53268->53131 53270 7ff69c7817d4 53269->53270 53271 7ff69c7817e4 53269->53271 53272 7ff69c782de0 120 API calls 53270->53272 53273 7ff69c786360 83 API calls 53271->53273 53302 7ff69c781842 53271->53302 53272->53271 53274 7ff69c781815 53273->53274 53274->53302 53303 7ff69c78ec94 53274->53303 53276 7ff69c78a100 _wfindfirst32i64 8 API calls 53278 7ff69c7819c0 53276->53278 53277 7ff69c78182b 53279 7ff69c78184c 53277->53279 53280 7ff69c78182f 53277->53280 53278->53147 53278->53148 53307 7ff69c78e95c 53279->53307 53316 7ff69c781c10 86 API calls 53280->53316 53284 7ff69c781867 53317 7ff69c781c10 86 API calls 53284->53317 53285 7ff69c78ec94 73 API calls 53287 7ff69c7818d1 53285->53287 53288 7ff69c7818e3 53287->53288 53289 7ff69c7818fe 53287->53289 53318 7ff69c781c10 86 API calls 53288->53318 53291 7ff69c78e95c _fread_nolock 53 API calls 53289->53291 53292 7ff69c781913 53291->53292 53292->53284 53293 7ff69c781925 53292->53293 53310 7ff69c78e6d0 53293->53310 53296 7ff69c78193d 53297 7ff69c781c50 86 API calls 53296->53297 53297->53302 53298 7ff69c781993 53300 7ff69c78e60c 74 API calls 53298->53300 53298->53302 53299 7ff69c781950 53299->53298 
53301 7ff69c781c50 86 API calls 53299->53301 53300->53302 53301->53298 53302->53276 53304 7ff69c78ecc4 53303->53304 53319 7ff69c78ea24 53304->53319 53306 7ff69c78ecdd 53306->53277 53332 7ff69c78e97c 53307->53332 53311 7ff69c78e6d9 53310->53311 53315 7ff69c781939 53310->53315 53348 7ff69c796088 11 API calls _wfindfirst32i64 53311->53348 53313 7ff69c78e6de 53349 7ff69c799f10 37 API calls _invalid_parameter_noinfo 53313->53349 53315->53296 53315->53299 53316->53302 53317->53302 53318->53302 53320 7ff69c78ea8e 53319->53320 53321 7ff69c78ea4e 53319->53321 53320->53321 53323 7ff69c78ea9a 53320->53323 53331 7ff69c799e44 37 API calls 2 library calls 53321->53331 53330 7ff69c79438c EnterCriticalSection 53323->53330 53324 7ff69c78ea75 53324->53306 53326 7ff69c78ea9f 53327 7ff69c78eba8 71 API calls 53326->53327 53328 7ff69c78eab1 53327->53328 53329 7ff69c794398 _fread_nolock LeaveCriticalSection 53328->53329 53329->53324 53331->53324 53333 7ff69c78e9a6 53332->53333 53344 7ff69c781861 53332->53344 53334 7ff69c78e9f2 53333->53334 53336 7ff69c78e9b5 memcpy_s 53333->53336 53333->53344 53345 7ff69c79438c EnterCriticalSection 53334->53345 53346 7ff69c796088 11 API calls _wfindfirst32i64 53336->53346 53338 7ff69c78e9fa 53340 7ff69c78e6fc _fread_nolock 51 API calls 53338->53340 53339 7ff69c78e9ca 53347 7ff69c799f10 37 API calls _invalid_parameter_noinfo 53339->53347 53342 7ff69c78ea11 53340->53342 53343 7ff69c794398 _fread_nolock LeaveCriticalSection 53342->53343 53343->53344 53344->53284 53344->53285 53346->53339 53348->53313 53350->53159 53351->53162 53352->53158 53353->53165 53355 7ff69c783ad0 53354->53355 53356 7ff69c781b30 49 API calls 53355->53356 53357 7ff69c783b02 53356->53357 53358 7ff69c783b2b 53357->53358 53359 7ff69c783b0b 53357->53359 53361 7ff69c783b82 53358->53361 53452 7ff69c782e60 53358->53452 53360 7ff69c781c50 86 API calls 53359->53360 53363 7ff69c783b21 53360->53363 53362 7ff69c782e60 49 API calls 53361->53362 53365 7ff69c783b9b 53362->53365 53367 7ff69c78a100 
_wfindfirst32i64 8 API calls 53363->53367 53368 7ff69c783bb9 53365->53368 53371 7ff69c781c50 86 API calls 53365->53371 53366 7ff69c783b4c 53369 7ff69c783b6a 53366->53369 53373 7ff69c781c50 86 API calls 53366->53373 53370 7ff69c7822de 53367->53370 53461 7ff69c786310 53368->53461 53455 7ff69c782d70 53369->53455 53370->53170 53382 7ff69c783e40 53370->53382 53371->53368 53373->53369 53375 7ff69c783bc6 53377 7ff69c783bed 53375->53377 53378 7ff69c783bcb 53375->53378 53466 7ff69c782f20 141 API calls 53377->53466 53465 7ff69c781cb0 86 API calls 53378->53465 53379 7ff69c786310 89 API calls 53379->53361 53383 7ff69c785af0 92 API calls 53382->53383 53385 7ff69c783e55 53383->53385 53384 7ff69c783e70 53386 7ff69c786db0 88 API calls 53384->53386 53385->53384 53387 7ff69c781c50 86 API calls 53385->53387 53388 7ff69c783eb4 53386->53388 53387->53384 53389 7ff69c783eb9 53388->53389 53390 7ff69c783ed0 53388->53390 53391 7ff69c781c50 86 API calls 53389->53391 53393 7ff69c786db0 88 API calls 53390->53393 53392 7ff69c783ec5 53391->53392 53392->53172 53394 7ff69c783f05 53393->53394 53396 7ff69c781b30 49 API calls 53394->53396 53408 7ff69c783f0a __vcrt_freefls 53394->53408 53395 7ff69c781c50 86 API calls 53397 7ff69c7840b1 53395->53397 53398 7ff69c783f87 53396->53398 53397->53172 53399 7ff69c783fb3 53398->53399 53400 7ff69c783f8e 53398->53400 53402 7ff69c786db0 88 API calls 53399->53402 53401 7ff69c781c50 86 API calls 53400->53401 53403 7ff69c783fa3 53401->53403 53404 7ff69c783fcc 53402->53404 53403->53172 53404->53408 53467 7ff69c783c20 53404->53467 53408->53395 53409 7ff69c78409a 53408->53409 53409->53172 53411 7ff69c783857 53410->53411 53411->53411 53412 7ff69c783880 53411->53412 53419 7ff69c783897 __vcrt_freefls 53411->53419 53413 7ff69c781c50 86 API calls 53412->53413 53414 7ff69c78388c 53413->53414 53414->53174 53415 7ff69c78397b 53415->53174 53416 7ff69c7812b0 120 API calls 53416->53419 53418 7ff69c781c50 86 API calls 53418->53419 53419->53415 53419->53416 53419->53418 53509 
7ff69c781780 86 API calls 53419->53509 53422 7ff69c783aa7 53420->53422 53423 7ff69c7839bb 53420->53423 53422->53176 53423->53422 53424 7ff69c781c50 86 API calls 53423->53424 53510 7ff69c781780 86 API calls 53423->53510 53424->53423 53426 7ff69c7812f8 53425->53426 53427 7ff69c7812c6 53425->53427 53428 7ff69c78ec94 73 API calls 53426->53428 53429 7ff69c782de0 120 API calls 53427->53429 53430 7ff69c78130a 53428->53430 53431 7ff69c7812d6 53429->53431 53432 7ff69c78132f 53430->53432 53433 7ff69c78130e 53430->53433 53431->53426 53434 7ff69c7812de 53431->53434 53439 7ff69c781364 53432->53439 53440 7ff69c781344 53432->53440 53529 7ff69c781c10 86 API calls 53433->53529 53436 7ff69c781c50 86 API calls 53434->53436 53438 7ff69c7812ee 53436->53438 53437 7ff69c781325 53437->53192 53438->53192 53442 7ff69c78137e 53439->53442 53448 7ff69c781395 53439->53448 53530 7ff69c781c10 86 API calls 53440->53530 53511 7ff69c781050 53442->53511 53444 7ff69c78e95c _fread_nolock 53 API calls 53444->53448 53445 7ff69c781421 53445->53192 53446 7ff69c78e60c 74 API calls 53446->53445 53447 7ff69c78135f __vcrt_freefls 53447->53445 53447->53446 53448->53444 53448->53447 53449 7ff69c7813de 53448->53449 53531 7ff69c781c10 86 API calls 53449->53531 53451->53192 53453 7ff69c781b30 49 API calls 53452->53453 53454 7ff69c782e90 53453->53454 53454->53366 53456 7ff69c782d7a 53455->53456 53457 7ff69c786db0 88 API calls 53456->53457 53458 7ff69c782da2 53457->53458 53459 7ff69c78a100 _wfindfirst32i64 8 API calls 53458->53459 53460 7ff69c782dca 53459->53460 53460->53361 53460->53379 53462 7ff69c786db0 88 API calls 53461->53462 53463 7ff69c786327 LoadLibraryW 53462->53463 53464 7ff69c786344 __vcrt_freefls 53463->53464 53464->53375 53465->53363 53466->53363 53471 7ff69c783c3a 53467->53471 53468 7ff69c78a100 _wfindfirst32i64 8 API calls 53470 7ff69c783e10 53468->53470 53494 7ff69c786fb0 88 API calls __vcrt_freefls 53470->53494 53472 7ff69c783d53 53471->53472 53475 7ff69c783e29 53471->53475 53493 7ff69c783df1 
53471->53493 53495 7ff69c795740 47 API calls 53471->53495 53496 7ff69c781780 86 API calls 53471->53496 53472->53493 53497 7ff69c7992e4 53472->53497 53477 7ff69c781c50 86 API calls 53475->53477 53477->53493 53479 7ff69c783d76 53480 7ff69c7992e4 _fread_nolock 37 API calls 53479->53480 53481 7ff69c783d88 53480->53481 53504 7ff69c79584c 39 API calls 3 library calls 53481->53504 53483 7ff69c783d94 53505 7ff69c795dd4 73 API calls 53483->53505 53485 7ff69c783da6 53506 7ff69c795dd4 73 API calls 53485->53506 53487 7ff69c783db8 53488 7ff69c794f7c 71 API calls 53487->53488 53489 7ff69c783dc9 53488->53489 53490 7ff69c794f7c 71 API calls 53489->53490 53491 7ff69c783ddd 53490->53491 53492 7ff69c794f7c 71 API calls 53491->53492 53492->53493 53493->53468 53494->53408 53495->53471 53496->53471 53498 7ff69c7992ed 53497->53498 53500 7ff69c783d6a 53497->53500 53507 7ff69c796088 11 API calls _wfindfirst32i64 53498->53507 53503 7ff69c79584c 39 API calls 3 library calls 53500->53503 53501 7ff69c7992f2 53508 7ff69c799f10 37 API calls _invalid_parameter_noinfo 53501->53508 53503->53479 53504->53483 53505->53485 53506->53487 53507->53501 53509->53419 53510->53423 53512 7ff69c7810a6 53511->53512 53513 7ff69c7810ad 53512->53513 53514 7ff69c7810d3 53512->53514 53515 7ff69c781c50 86 API calls 53513->53515 53517 7ff69c7810ed 53514->53517 53518 7ff69c781109 53514->53518 53516 7ff69c7810c0 53515->53516 53516->53447 53532 7ff69c781c10 86 API calls 53517->53532 53520 7ff69c78111b 53518->53520 53527 7ff69c781137 memcpy_s 53518->53527 53533 7ff69c781c10 86 API calls 53520->53533 53522 7ff69c78e95c _fread_nolock 53 API calls 53522->53527 53523 7ff69c781104 __vcrt_freefls 53523->53447 53524 7ff69c7811fe 53525 7ff69c781c50 86 API calls 53524->53525 53525->53523 53527->53522 53527->53523 53527->53524 53528 7ff69c78e6d0 37 API calls 53527->53528 53534 7ff69c78f09c 76 API calls 53527->53534 53528->53527 53529->53437 53530->53447 53531->53447 53532->53523 53533->53523 53534->53527 53536 7ff69c781dd6 
53535->53536 53537 7ff69c781b30 49 API calls 53536->53537 53538 7ff69c781e0b 53537->53538 53539 7ff69c782c50 49 API calls 53538->53539 53565 7ff69c782211 53538->53565 53540 7ff69c781e7f 53539->53540 53593 7ff69c782230 53540->53593 53543 7ff69c781efa 53546 7ff69c782230 75 API calls 53543->53546 53544 7ff69c781ec1 53601 7ff69c785880 127 API calls 53544->53601 53548 7ff69c781f4c 53546->53548 53547 7ff69c781ec9 53549 7ff69c781eea 53547->53549 53602 7ff69c785760 138 API calls 2 library calls 53547->53602 53550 7ff69c781fb6 53548->53550 53551 7ff69c781f50 53548->53551 53552 7ff69c781c50 86 API calls 53549->53552 53556 7ff69c781ef3 53549->53556 53554 7ff69c782230 75 API calls 53550->53554 53603 7ff69c785880 127 API calls 53551->53603 53552->53556 53557 7ff69c781fe2 53554->53557 53560 7ff69c78a100 _wfindfirst32i64 8 API calls 53556->53560 53561 7ff69c782230 75 API calls 53557->53561 53569 7ff69c782042 53557->53569 53558 7ff69c781f58 53558->53549 53604 7ff69c785760 138 API calls 2 library calls 53558->53604 53563 7ff69c781fab 53560->53563 53566 7ff69c782012 53561->53566 53563->53204 53564 7ff69c781f75 53564->53549 53570 7ff69c7821f6 53564->53570 53567 7ff69c782230 75 API calls 53566->53567 53566->53569 53567->53569 53568 7ff69c781af0 86 API calls 53573 7ff69c7820af 53568->53573 53569->53565 53605 7ff69c785880 127 API calls 53569->53605 53571 7ff69c781c50 86 API calls 53570->53571 53574 7ff69c78216a 53571->53574 53572 7ff69c782052 53572->53565 53572->53568 53583 7ff69c78216f 53572->53583 53573->53565 53576 7ff69c781b30 49 API calls 53573->53576 53608 7ff69c781ab0 74 API calls __vcrt_freefls 53574->53608 53577 7ff69c7820d7 53576->53577 53577->53570 53579 7ff69c781b30 49 API calls 53577->53579 53578 7ff69c7821db 53578->53570 53607 7ff69c781440 158 API calls 2 library calls 53578->53607 53580 7ff69c782104 53579->53580 53580->53570 53582 7ff69c781b30 49 API calls 53580->53582 53584 7ff69c782131 53582->53584 53583->53578 53606 7ff69c781780 86 API calls 53583->53606 53584->53570 
53586 7ff69c7817b0 121 API calls 53584->53586 53587 7ff69c782153 53586->53587 53587->53583 53588 7ff69c782157 53587->53588 53589 7ff69c781c50 86 API calls 53588->53589 53589->53574 53590->53204 53591->53197 53592->53204 53594 7ff69c782264 53593->53594 53609 7ff69c793c80 53594->53609 53597 7ff69c78229b 53599 7ff69c78a100 _wfindfirst32i64 8 API calls 53597->53599 53600 7ff69c781ebd 53599->53600 53600->53543 53600->53544 53601->53547 53602->53549 53603->53558 53604->53564 53605->53572 53606->53583 53607->53578 53608->53565 53611 7ff69c793cda 53609->53611 53610 7ff69c793cff 53644 7ff69c799e44 37 API calls 2 library calls 53610->53644 53611->53610 53612 7ff69c793d3b 53611->53612 53645 7ff69c7916c4 49 API calls _invalid_parameter_noinfo 53612->53645 53615 7ff69c793e18 53648 7ff69c799f78 11 API calls 2 library calls 53615->53648 53616 7ff69c793d29 53617 7ff69c78a100 _wfindfirst32i64 8 API calls 53616->53617 53620 7ff69c78228a 53617->53620 53619 7ff69c793dd2 53619->53615 53621 7ff69c793e3c 53619->53621 53622 7ff69c793ded 53619->53622 53625 7ff69c793de4 53619->53625 53620->53597 53627 7ff69c794e70 53620->53627 53621->53615 53623 7ff69c793e46 53621->53623 53646 7ff69c799f78 11 API calls 2 library calls 53622->53646 53647 7ff69c799f78 11 API calls 2 library calls 53623->53647 53625->53615 53625->53622 53628 7ff69c794e99 53627->53628 53629 7ff69c794e8d 53627->53629 53674 7ff69c794a84 45 API calls __FrameHandler3::FrameUnwindToEmptyState 53628->53674 53649 7ff69c7946e8 53629->53649 53632 7ff69c794ec1 53638 7ff69c794ed1 53632->53638 53675 7ff69c79e144 5 API calls __crtLCMapStringW 53632->53675 53635 7ff69c794f29 53636 7ff69c794f41 53635->53636 53637 7ff69c794f2d 53635->53637 53640 7ff69c7946e8 69 API calls 53636->53640 53639 7ff69c794e92 53637->53639 53677 7ff69c799f78 11 API calls 2 library calls 53637->53677 53676 7ff69c79456c 14 API calls 3 library calls 53638->53676 53639->53597 53642 7ff69c794f4d 53640->53642 53642->53639 53678 7ff69c799f78 11 API calls 2 library calls 
53642->53678 53644->53616 53645->53619 53646->53616 53647->53616 53648->53616 53650 7ff69c79471f 53649->53650 53651 7ff69c794702 53649->53651 53650->53651 53653 7ff69c794732 CreateFileW 53650->53653 53679 7ff69c796068 11 API calls _wfindfirst32i64 53651->53679 53655 7ff69c794766 53653->53655 53656 7ff69c79479c 53653->53656 53654 7ff69c794707 53680 7ff69c796088 11 API calls _wfindfirst32i64 53654->53680 53682 7ff69c79483c 59 API calls 2 library calls 53655->53682 53683 7ff69c794d60 46 API calls 2 library calls 53656->53683 53660 7ff69c7947a1 53663 7ff69c7947d0 53660->53663 53664 7ff69c7947a5 53660->53664 53661 7ff69c79470f 53681 7ff69c799f10 37 API calls _invalid_parameter_noinfo 53661->53681 53662 7ff69c794774 53666 7ff69c794791 CloseHandle 53662->53666 53667 7ff69c79477b CloseHandle 53662->53667 53685 7ff69c794b20 51 API calls 53663->53685 53684 7ff69c795ffc 11 API calls 2 library calls 53664->53684 53670 7ff69c79471a 53666->53670 53667->53670 53670->53639 53671 7ff69c7947dd 53686 7ff69c794c5c 21 API calls _fread_nolock 53671->53686 53673 7ff69c7947af 53673->53670 53674->53632 53675->53638 53676->53635 53677->53639 53678->53639 53679->53654 53680->53661 53682->53662 53683->53660 53684->53673 53685->53671 53686->53673 53688 7ff69c781bb6 53687->53688 53701 7ff69c793b5c 53688->53701 53690 7ff69c781bcc 53691 7ff69c781d00 53690->53691 53692 7ff69c781d10 53691->53692 53693 7ff69c793c80 49 API calls 53692->53693 53694 7ff69c781d58 53693->53694 53717 7ff69c786bf0 MultiByteToWideChar 53694->53717 53696 7ff69c781d70 53697 7ff69c781b90 78 API calls 53696->53697 53698 7ff69c781d9e 53697->53698 53699 7ff69c78a100 _wfindfirst32i64 8 API calls 53698->53699 53700 7ff69c781c9b 53699->53700 53700->52903 53702 7ff69c793b86 53701->53702 53703 7ff69c793bbe 53702->53703 53704 7ff69c793bf1 53702->53704 53715 7ff69c799e44 37 API calls 2 library calls 53703->53715 53708 7ff69c78f140 53704->53708 53707 7ff69c793be7 53707->53690 53716 7ff69c79438c EnterCriticalSection 53708->53716 53710 
7ff69c78f15d 53711 7ff69c791084 76 API calls 53710->53711 53712 7ff69c78f166 53711->53712 53713 7ff69c794398 _fread_nolock LeaveCriticalSection 53712->53713 53714 7ff69c78f170 53713->53714 53714->53707 53715->53707 53718 7ff69c786c39 53717->53718 53719 7ff69c786c53 53717->53719 53732 7ff69c781cb0 86 API calls 53718->53732 53721 7ff69c786c69 53719->53721 53722 7ff69c786c83 MultiByteToWideChar 53719->53722 53733 7ff69c781cb0 86 API calls 53721->53733 53724 7ff69c786ca6 53722->53724 53725 7ff69c786cc0 WideCharToMultiByte 53722->53725 53734 7ff69c781cb0 86 API calls 53724->53734 53727 7ff69c786cf6 53725->53727 53729 7ff69c786ced 53725->53729 53728 7ff69c786d1b WideCharToMultiByte 53727->53728 53727->53729 53728->53729 53731 7ff69c786c4c __vcrt_freefls 53728->53731 53735 7ff69c781cb0 86 API calls 53729->53735 53731->53696 53732->53731 53733->53731 53734->53731 53735->53731 53736->53217 53739 7ff69c79546c 53738->53739 53740 7ff69c795492 53739->53740 53743 7ff69c7954c5 53739->53743 53769 7ff69c796088 11 API calls _wfindfirst32i64 53740->53769 53742 7ff69c795497 53770 7ff69c799f10 37 API calls _invalid_parameter_noinfo 53742->53770 53744 7ff69c7954d8 53743->53744 53745 7ff69c7954cb 53743->53745 53757 7ff69c79a258 53744->53757 53771 7ff69c796088 11 API calls _wfindfirst32i64 53745->53771 53749 7ff69c782e39 53749->53228 53751 7ff69c7954f9 53764 7ff69c79f51c 53751->53764 53752 7ff69c7954ec 53772 7ff69c796088 11 API calls _wfindfirst32i64 53752->53772 53755 7ff69c79550c 53773 7ff69c794398 LeaveCriticalSection 53755->53773 53774 7ff69c79f808 EnterCriticalSection 53757->53774 53759 7ff69c79a26f 53760 7ff69c79a2cc 19 API calls 53759->53760 53761 7ff69c79a27a 53760->53761 53762 7ff69c79f868 _isindst LeaveCriticalSection 53761->53762 53763 7ff69c7954e2 53762->53763 53763->53751 53763->53752 53775 7ff69c79f218 53764->53775 53767 7ff69c79f576 53767->53755 53769->53742 53771->53749 53772->53749 53780 7ff69c79f253 __vcrt_FlsAlloc 53775->53780 53777 7ff69c79f4f1 53794 7ff69c799f10 37 
API calls _invalid_parameter_noinfo 53777->53794 53779 7ff69c79f423 53779->53767 53787 7ff69c7a61dc 53779->53787 53785 7ff69c79f41a 53780->53785 53790 7ff69c7a54f4 51 API calls 3 library calls 53780->53790 53782 7ff69c79f485 53782->53785 53791 7ff69c7a54f4 51 API calls 3 library calls 53782->53791 53784 7ff69c79f4a4 53784->53785 53792 7ff69c7a54f4 51 API calls 3 library calls 53784->53792 53785->53779 53793 7ff69c796088 11 API calls _wfindfirst32i64 53785->53793 53795 7ff69c7a57dc 53787->53795 53790->53782 53791->53784 53792->53785 53793->53777 53796 7ff69c7a5811 53795->53796 53797 7ff69c7a57f3 53795->53797 53796->53797 53800 7ff69c7a582d 53796->53800 53849 7ff69c796088 11 API calls _wfindfirst32i64 53797->53849 53799 7ff69c7a57f8 53850 7ff69c799f10 37 API calls _invalid_parameter_noinfo 53799->53850 53806 7ff69c7a5dec 53800->53806 53804 7ff69c7a5804 53804->53767 53852 7ff69c7a5b20 53806->53852 53809 7ff69c7a5e61 53884 7ff69c796068 11 API calls _wfindfirst32i64 53809->53884 53810 7ff69c7a5e79 53872 7ff69c796e60 53810->53872 53813 7ff69c7a5e66 53885 7ff69c796088 11 API calls _wfindfirst32i64 53813->53885 53823 7ff69c7a5858 53823->53804 53851 7ff69c796e38 LeaveCriticalSection 53823->53851 53849->53799 53853 7ff69c7a5b4c 53852->53853 53861 7ff69c7a5b66 53852->53861 53853->53861 53897 7ff69c796088 11 API calls _wfindfirst32i64 53853->53897 53855 7ff69c7a5b5b 53898 7ff69c799f10 37 API calls _invalid_parameter_noinfo 53855->53898 53857 7ff69c7a5c35 53868 7ff69c7a5c92 53857->53868 53903 7ff69c7957dc 37 API calls 2 library calls 53857->53903 53858 7ff69c7a5be4 53858->53857 53901 7ff69c796088 11 API calls _wfindfirst32i64 53858->53901 53861->53858 53899 7ff69c796088 11 API calls _wfindfirst32i64 53861->53899 53862 7ff69c7a5c8e 53865 7ff69c7a5d10 53862->53865 53862->53868 53863 7ff69c7a5c2a 53902 7ff69c799f10 37 API calls _invalid_parameter_noinfo 53863->53902 53904 7ff69c799f30 17 API calls _wfindfirst32i64 53865->53904 53867 7ff69c7a5bd9 53900 7ff69c799f10 37 API calls 
_invalid_parameter_noinfo 53867->53900 53868->53809 53868->53810 53905 7ff69c79f808 EnterCriticalSection 53872->53905 53884->53813 53885->53823 53897->53855 53899->53867 53901->53863 53903->53862 53907 7ff69c797acc 53906->53907 53910 7ff69c7975a8 53907->53910 53909 7ff69c797ae5 53909->53236 53911 7ff69c7975f2 53910->53911 53912 7ff69c7975c3 53910->53912 53920 7ff69c79438c EnterCriticalSection 53911->53920 53921 7ff69c799e44 37 API calls 2 library calls 53912->53921 53915 7ff69c7975e3 53915->53909 53916 7ff69c7975f7 53917 7ff69c797614 38 API calls 53916->53917 53918 7ff69c797603 53917->53918 53919 7ff69c794398 _fread_nolock LeaveCriticalSection 53918->53919 53919->53915 53921->53915 53923 7ff69c78e431 53922->53923 53924 7ff69c78e403 53922->53924 53931 7ff69c78e423 53923->53931 53932 7ff69c79438c EnterCriticalSection 53923->53932 53933 7ff69c799e44 37 API calls 2 library calls 53924->53933 53927 7ff69c78e448 53928 7ff69c78e464 72 API calls 53927->53928 53929 7ff69c78e454 53928->53929 53930 7ff69c794398 _fread_nolock LeaveCriticalSection 53929->53930 53930->53931 53931->53242 53933->53931

Control-flow Graph

• Executed
• Not Executed
APIs
Memory Dump Source
• Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
• Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
• Instruction ID: 224d1ec9a288d918637213cfccc396347cc15e4e708dd6438aa8410a037937d3
• Opcode Fuzzy Hash: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
• Instruction Fuzzy Hash: FBC1CF33B28A4286EB60CF69C4916AD3771FB88BA8F010275DE2E9B795DF38D555C300
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 59578552-0
                                                                                                                      • Opcode ID: 7df629cd6e8306008f9e3eed4a483e0b5c85b3676623f040b2ff8f91b3e11bfb
                                                                                                                      • Instruction ID: 16aedd7f86cc2d39ef9b1134720cb688e286a078edd205e0aa0474e92020e567
                                                                                                                      • Opcode Fuzzy Hash: 7df629cd6e8306008f9e3eed4a483e0b5c85b3676623f040b2ff8f91b3e11bfb
                                                                                                                      • Instruction Fuzzy Hash: DEE0EC60E4E10386FA78776908834BC14B1DF46720F6002F9E21ECE3C2CD5D65925662
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                                                                      • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                      • API String ID: 3405171723-4158440160
                                                                                                                      • Opcode ID: bed6261e8dff774c38eb5133a4526083c128e5741afcdf2626bc5d9c619855b3
                                                                                                                      • Instruction ID: 8d77f70883bd2c3e4f58d526c591f42f616ec5abfc1601d169aafcb5a81f10ac
                                                                                                                      • Opcode Fuzzy Hash: bed6261e8dff774c38eb5133a4526083c128e5741afcdf2626bc5d9c619855b3
                                                                                                                      • Instruction Fuzzy Hash: D6517E72A09A4386EB64CF25D49167837B0FF88BA8B518175DA0DCB399DF3CE540CB40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                      • API String ID: 0-3659356012
                                                                                                                      • Opcode ID: cabe82954e094bbc0339e02a780ea445080460d018c06c2a972aefb28105700c
                                                                                                                      • Instruction ID: cf0f05dade5f2648a4f1c2cefa7759d01a70907ee14d50197bb16ef99edaa0be
                                                                                                                      • Opcode Fuzzy Hash: cabe82954e094bbc0339e02a780ea445080460d018c06c2a972aefb28105700c
                                                                                                                      • Instruction Fuzzy Hash: E1414D22B4864382EA34DB11E890ABA63B0FF547E4F5544B2DF4D8BA55EE7CE546C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00007FF69C782CD0: GetModuleFileNameW.KERNEL32(?,00007FF69C7827C9,?,?,?,?,?,?), ref: 00007FF69C782D01
                                                                                                                      • SetDllDirectoryW.KERNEL32 ref: 00007FF69C7829D5
                                                                                                                        • Part of subcall function 00007FF69C785AF0: GetEnvironmentVariableW.KERNEL32(00007FF69C782817,?,?,?,?,?,?), ref: 00007FF69C785B2A
                                                                                                                        • Part of subcall function 00007FF69C785AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C785B47
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                      • API String ID: 2344891160-3602715111
                                                                                                                      • Opcode ID: 4b43ed5aca35e3dd32c97dc69cc98798f2bec0413c73ade8f5adb2066d4db026
                                                                                                                      • Instruction ID: dccd3f9d12306bb1a1b2d877eb6ed93effe38c9263d7646459d2a6c4723daee0
                                                                                                                      • Opcode Fuzzy Hash: 4b43ed5aca35e3dd32c97dc69cc98798f2bec0413c73ade8f5adb2066d4db026
                                                                                                                      • Instruction Fuzzy Hash: BDC16121A1C68351EA74AB2294D1AFD17B1FF84795F4040B2EB4DCF69BEF2CE6058710
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                      • API String ID: 0-1655038675
                                                                                                                      • Opcode ID: ad1d5c708e0e1f1d3b9565d7782decd6f7c4dfa5a4b923ce9d46d716d778b2b5
                                                                                                                      • Instruction ID: 821e8b18f56e07cfb33dce1a1626e61310f8f59bef54e17261961ebcf3bc8ab9
                                                                                                                      • Opcode Fuzzy Hash: ad1d5c708e0e1f1d3b9565d7782decd6f7c4dfa5a4b923ce9d46d716d778b2b5
                                                                                                                      • Instruction Fuzzy Hash: 2751C022B0968386EA70DB51E890BBA62B0FB857A4F448171DF4DCB795EF3CE545C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • FreeLibrary.KERNEL32(?,00000000,?,00007FF69C79E2CA,?,?,-00000018,00007FF69C79A383,?,?,?,00007FF69C79A27A,?,?,?,00007FF69C7954E2), ref: 00007FF69C79E0AC
                                                                                                                      • GetProcAddress.KERNEL32(?,00000000,?,00007FF69C79E2CA,?,?,-00000018,00007FF69C79A383,?,?,?,00007FF69C79A27A,?,?,?,00007FF69C7954E2), ref: 00007FF69C79E0B8
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                      • Opcode ID: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                                                                      • Instruction ID: ddd2d43c056958e1cfdf3b53fa8c71bbf445876b14765c2153b7eaaa7f031362
                                                                                                                      • Opcode Fuzzy Hash: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                                                                      • Instruction Fuzzy Hash: 7C41B022B1AA1381FA758B1AA8006B623B6FF49BE0F684575DD1DCF784EE3DE4458304
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: ee59720b79a9e47793a9da6a02bda62818bcb6e59e1f7582f0fe7a757ca616f9
                                                                                                                      • Instruction ID: 82f7d6ac986babecf3a28d8c6614c612b2433f3acca0bba6fa0b3d8d3728bba1
                                                                                                                      • Opcode Fuzzy Hash: ee59720b79a9e47793a9da6a02bda62818bcb6e59e1f7582f0fe7a757ca616f9
                                                                                                                      • Instruction Fuzzy Hash: 48C1E132A0CA8791EB709B1594402BE7BB1FB81BD0F5542B5DA4E8B7D1CF7DE8498701
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      APIs
                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF69C79C57B), ref: 00007FF69C79C6AC
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF69C79C57B), ref: 00007FF69C79C737
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 953036326-0
                                                                                                                      • Opcode ID: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                      • Instruction ID: 59cdb746823a71318d7daa37a5addfb5433ed18be56a2a729413a28b3af76ac7
                                                                                                                      • Opcode Fuzzy Hash: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                                                                      • Instruction Fuzzy Hash: 02919F72E1865385FB708F7A94506BD2BB0FB44B98F5441B9DE0EABA85DF38D486C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279662727-0
                                                                                                                      • Opcode ID: 6f171c56c4af514848e95b4e04b562bbb562cc25ad397f2cc98f1fee1aaa5281
                                                                                                                      • Instruction ID: cf49d62348ff3ed73f3cbf8a1e0ac0fa283afe20461f1c60256934f32fd9f39a
                                                                                                                      • Opcode Fuzzy Hash: 6f171c56c4af514848e95b4e04b562bbb562cc25ad397f2cc98f1fee1aaa5281
                                                                                                                      • Instruction Fuzzy Hash: 1441B032E1878387F7608B6195103797370FBA57A8F109374EA9C8BAD5DF6CA5A08B10
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3058843127-0
                                                                                                                      • Opcode ID: 0a8c62a57e2cf59f1561fe537eeb51f2220189f8d74725526a3d26dbeb988a7e
                                                                                                                      • Instruction ID: 57296c7966a48b1006b2ae3438622c904f6a462f58703f208bce464c2353b7a8
                                                                                                                      • Opcode Fuzzy Hash: 0a8c62a57e2cf59f1561fe537eeb51f2220189f8d74725526a3d26dbeb988a7e
                                                                                                                      • Instruction Fuzzy Hash: 12314C21E0820382FA70AB21D595BB923B1EF857A4F4444B5EB0DCF6DBDE2DEA45C741
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1703294689-0
                                                                                                                      • Opcode ID: fc68bfbf785dc4e8d02d30f22ac316467e06faf73d836825e3014864920bd8dd
                                                                                                                      • Instruction ID: 5873ebd940acabdcbc5f246bda28eb8570783bf62d6b64ebb9a4f0deb00f404b
                                                                                                                      • Opcode Fuzzy Hash: fc68bfbf785dc4e8d02d30f22ac316467e06faf73d836825e3014864920bd8dd
                                                                                                                      • Instruction Fuzzy Hash: 09D06C20B0874387EB686B71989517A6271EF88761F0414B8C84B8A393DE2DE94D4B40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: freemalloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3061335427-0
                                                                                                                      • Opcode ID: 90faeaecf5bf97e80e96f9d18ac3a7f8d56ec69de713acc21b4512af470592a2
                                                                                                                      • Instruction ID: b34dc74de94fe73e8a6a80661f010135c62eb9693ad0ef0ea33b52a51286b091
                                                                                                                      • Opcode Fuzzy Hash: 90faeaecf5bf97e80e96f9d18ac3a7f8d56ec69de713acc21b4512af470592a2
                                                                                                                      • Instruction Fuzzy Hash: B0317F25F1978181FE548B67B48013AA3A0FF8AFD0F584435EE5E47B59DF2CE8918B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 91f838de0bf1c0634cfb639a0c406c35748c40ae1573d712d08faa75350ec251
                                                                                                                      • Instruction ID: 77079b79ee7cb0aa1a420dc90d3edc19bb35e13a0c6f427a574ddaecca71d599
                                                                                                                      • Opcode Fuzzy Hash: 91f838de0bf1c0634cfb639a0c406c35748c40ae1573d712d08faa75350ec251
                                                                                                                      • Instruction Fuzzy Hash: 2451E465B0964346FA789A369480A7A66A1FF40BF8F484774DF6C8B7C5CF3CE4018701
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 442123175-0
                                                                                                                      • Opcode ID: 48497a76b3055afe52661005fd715ce1d46b06a16acad2e21dfde3d81f02aed8
                                                                                                                      • Instruction ID: 169e656facd0b403609dcf2478abeafaf9c682355d828699f51694d4dca8c699
                                                                                                                      • Opcode Fuzzy Hash: 48497a76b3055afe52661005fd715ce1d46b06a16acad2e21dfde3d81f02aed8
                                                                                                                      • Instruction Fuzzy Hash: 0A31AE72A18A829AEB209F19E8802A977B0FB587C0F444072EB4D8B755EE3CD556CB00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileHandleType
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3000768030-0
                                                                                                                      • Opcode ID: 51d66a3ea3a1e5720d3031fa8d01ef1f6d3b4a26eee4bfd04239a76c9c1293a5
                                                                                                                      • Instruction ID: f16c30cd9f4ed63bd4aca20e2b43580b8687b5fd84202613e040401e5da597ab
                                                                                                                      • Opcode Fuzzy Hash: 51d66a3ea3a1e5720d3031fa8d01ef1f6d3b4a26eee4bfd04239a76c9c1293a5
                                                                                                                      • Instruction Fuzzy Hash: 56319822A18B4791DB748B1595905787A70FB56BB0F681379DB6E8B3E4CF38E4A1D300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3548387204-0
                                                                                                                      • Opcode ID: e73ddc723508b0491e4b94715f99b78742a126c962af343d9941132424497e48
                                                                                                                      • Instruction ID: f86b569db9a177996d56ec784fabf0df6b610f7f71030429e8e2055340a477bf
                                                                                                                      • Opcode Fuzzy Hash: e73ddc723508b0491e4b94715f99b78742a126c962af343d9941132424497e48
                                                                                                                      • Instruction Fuzzy Hash: 29119B50E0C20342FA7477B554EAABC11B1DF94324F6504F4E71DCE6D3ED5CBA868262
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: memmove
                                                                                                                      • String ID: ..\s\crypto\asn1\tasn_utl.c
                                                                                                                      • API String ID: 2162964266-2379504382
                                                                                                                      • Opcode ID: c5bd70fa23e2b56b434a305efe79944bce5f42bbae6be7a80f2c75f930131929
                                                                                                                      • Instruction ID: b43ab4abc99dccded9cf099674e3f88cfcf321fee1e46f21f5fb7b31c330f986
                                                                                                                      • Opcode Fuzzy Hash: c5bd70fa23e2b56b434a305efe79944bce5f42bbae6be7a80f2c75f930131929
                                                                                                                      • Instruction Fuzzy Hash: 79213126A09A4185EA10DF75F091379ABA0FF86BC4F58C435DE4C07B96DF7DE5418B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindCloseChangeNotification.KERNEL32(?,?,?,00007FF69C79A005,?,?,00000000,00007FF69C79A0BA), ref: 00007FF69C79A1F6
                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF69C79A005,?,?,00000000,00007FF69C79A0BA), ref: 00007FF69C79A200
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1687624791-0
                                                                                                                      • Opcode ID: 6fe57093fbbb00cdf8389479e1e18e52ea82cce6ea34632ee61e1d7ac301845a
                                                                                                                      • Instruction ID: 2fb58d43efea6c72195f22310c2517cd6bcfcbc33f3f0b2687635c73d0ac2bc9
                                                                                                                      • Opcode Fuzzy Hash: 6fe57093fbbb00cdf8389479e1e18e52ea82cce6ea34632ee61e1d7ac301845a
                                                                                                                      • Instruction Fuzzy Hash: B121C021F1964341FEB09766989427E22B2EF847F4F5842B5DA2ECF3C6DE6CE5458300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF69C79B750,00000000,?,?,?,00007FF69C781023,00007FF69C79B859), ref: 00007FF69C79B7B0
                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00007FF69C79B750,00000000,?,?,?,00007FF69C781023,00007FF69C79B859), ref: 00007FF69C79B7BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2976181284-0
                                                                                                                      • Opcode ID: 7196098b30ecd42809471233c9619b7315c9fb41ce716e28bdee8d0b35162eb6
                                                                                                                      • Instruction ID: e10293e4a8896a1ee501131c98b0ed445d9ef08dfb9850f811b378431e1c1b8a
                                                                                                                      • Opcode Fuzzy Hash: 7196098b30ecd42809471233c9619b7315c9fb41ce716e28bdee8d0b35162eb6
                                                                                                                      • Instruction Fuzzy Hash: 5511CE62A18A8381DA708B3AA844069A371EB84BF4F545372EE7D8F7E9DE3CD0558700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF69C7981E6,?,?,00000000,00007FF69C7986DA,?,?,?,?,00007FF69C7A05A4,?,?,00000000), ref: 00007FF69C7A1C10
                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF69C7981E6,?,?,00000000,00007FF69C7986DA,?,?,?,?,00007FF69C7A05A4,?,?,00000000), ref: 00007FF69C7A1C7A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentStrings$Free
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3328510275-0
                                                                                                                      • Opcode ID: 88de1132cf0756e951a59962b5db98af525e8dcc68c8a65b856a8e93ce024262
                                                                                                                      • Instruction ID: 4e310e3e1c4e9727a68570c3886d07c5278561f6ed65864b717cd315a49cf4a1
                                                                                                                      • Opcode Fuzzy Hash: 88de1132cf0756e951a59962b5db98af525e8dcc68c8a65b856a8e93ce024262
                                                                                                                      • Instruction Fuzzy Hash: 4001C411E1876382FB34AB21740102A63B0EF94FF0B484670EF6E5BBC5DE2CE8428740
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 3cb10c43647639a768565940e1ce5c449de1869fbc1a92892aa118bde093882e
                                                                                                                      • Instruction ID: 6ac459f898f31ba28a16c4a163367f3b276ca90eee18052156fe32bcdafe8981
                                                                                                                      • Opcode Fuzzy Hash: 3cb10c43647639a768565940e1ce5c449de1869fbc1a92892aa118bde093882e
                                                                                                                      • Instruction Fuzzy Hash: 4D41CF3290864387FA34CB19A54127973B1EB56B90F140175DA8ECB7D5DF2CE402C751
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _fread_nolock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 840049012-0
                                                                                                                      • Opcode ID: ecba16b5651eabcd283c4ab7773f504ce5ff6e7a0524a92303ef0f4e705ed3eb
                                                                                                                      • Instruction ID: 3f16642c7eaa28435b0ec8cf981e1bc6e5da30afc51b50c35b9c1a2b6edca2b1
                                                                                                                      • Opcode Fuzzy Hash: ecba16b5651eabcd283c4ab7773f504ce5ff6e7a0524a92303ef0f4e705ed3eb
                                                                                                                      • Instruction Fuzzy Hash: 22219121B0869356FE249B126984BBEA661FF45BD4F884470EF1D8F786DF7CE145C204
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 215bf1b77ccde561eed8eea60c34a1d65fc1379a1c4c4c23abd8e86c97fd8e23
                                                                                                                      • Instruction ID: a94c71545854c68a040015735cd57e5caeb0db96e116776c1f4964a5233ba451
                                                                                                                      • Opcode Fuzzy Hash: 215bf1b77ccde561eed8eea60c34a1d65fc1379a1c4c4c23abd8e86c97fd8e23
                                                                                                                      • Instruction Fuzzy Hash: BD31B362E18A0385F771AB59888237C3670EF40BA4F4102B5E91E8F3D2DF7DE9468721
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3947729631-0
                                                                                                                      • Opcode ID: 7474e071a48ef7130f5acd4d7b35ddfbaeb0d66e7037ac086cf5d56d8c80b409
                                                                                                                      • Instruction ID: da286fac549de87f519e75b109a902cca3a68b314863ef092060162ec2d308e9
                                                                                                                      • Opcode Fuzzy Hash: 7474e071a48ef7130f5acd4d7b35ddfbaeb0d66e7037ac086cf5d56d8c80b409
                                                                                                                      • Instruction Fuzzy Hash: CA218C72A087078AEB349F64C4442FC3BB0EB44728F08567AD66D8AAC5DF38D584CB81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                                                                      • Instruction ID: c1267f9eebd40298a48cf2c00a48b15e95007572602a6086aa59a15a49852321
                                                                                                                      • Opcode Fuzzy Hash: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                                                                      • Instruction Fuzzy Hash: 5911B421A1C65381EAF09F51940127DA2B0FF85B80F4846B1EB8CDFB96CF7DE8015740
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: e860bb9bc84c29a06dccfc010b7eb52daf61d2c250f48aeb7393b4a8ace16f10
                                                                                                                      • Instruction ID: 77f1bec3c38a44cfecf8555fa028dc14e5c6701cc8e3eec3d2e88d92d8eb8f97
                                                                                                                      • Opcode Fuzzy Hash: e860bb9bc84c29a06dccfc010b7eb52daf61d2c250f48aeb7393b4a8ace16f10
                                                                                                                      • Instruction Fuzzy Hash: 58215032A18A4386DBB58F29E44077976B0FBC4BA4F544274EA5D8B6D9DF3DD4058B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3215553584-0
                                                                                                                      • Opcode ID: 298f7b2a666c55937c0a4044f00fb88544ba948c427ceaa5fd6043e577695ec0
                                                                                                                      • Instruction ID: c3631b770ee68b18c92ec6158e17cfa7c6bcfbea6c436f6bcf7668677e53edb7
                                                                                                                      • Opcode Fuzzy Hash: 298f7b2a666c55937c0a4044f00fb88544ba948c427ceaa5fd6043e577695ec0
                                                                                                                      • Instruction Fuzzy Hash: 73010425B08B5380EA64DB629840479AAB1FF82FE0F0846B1DF5C9BBDACF7CD4018300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF69C79AA16,?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E), ref: 00007FF69C79DF0D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: 69550027ed8e3bf035e7bef6798a6f7658c1153be72ca181ca789a5114add420
                                                                                                                      • Instruction ID: ec4a589262f368598a7289b7c3861dd4c7e2b0e29f3890a793d9ececb0b7647b
                                                                                                                      • Opcode Fuzzy Hash: 69550027ed8e3bf035e7bef6798a6f7658c1153be72ca181ca789a5114add420
                                                                                                                      • Instruction Fuzzy Hash: 8AF09054B0920341FE789B6599523B452B5DFB8B80F4C44B0DA0ECE7D2EE2CE4824220
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,?,00007FF69C78F1E4,?,?,?,00007FF69C7906F6,?,?,?,?,?,00007FF69C79275D), ref: 00007FF69C79CC6A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: b827a7ab023d1767f95784f6f7fefaf86c66ee15463514ccfd07e797832e7771
                                                                                                                      • Instruction ID: 192ba6ad6c442a97d726976aa7ff6d943de6c0ac2b6f454345e119d4d685d40e
                                                                                                                      • Opcode Fuzzy Hash: b827a7ab023d1767f95784f6f7fefaf86c66ee15463514ccfd07e797832e7771
                                                                                                                      • Instruction Fuzzy Hash: D2F08C50B0D24741FE7957BA595267516B0CF86BB0F0843B4DD2ECD3D2DE2DE4809210
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00007FF69C786DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C786DEA
                                                                                                                      • LoadLibraryW.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C786333
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2592636585-0
                                                                                                                      • Opcode ID: 4f2292e1e78b6b04c2ade65416a023b90951e6264d27b8cd69ba397aaf3470f3
                                                                                                                      • Instruction ID: a902275a95fec241dcd54cc09759b769b454eab8d3bdea8e76c40a290c0c912e
                                                                                                                      • Opcode Fuzzy Hash: 4f2292e1e78b6b04c2ade65416a023b90951e6264d27b8cd69ba397aaf3470f3
                                                                                                                      • Instruction Fuzzy Hash: 68E08621B1454252DE689767A94646AA261EF88BC0F489035DF0D8B755DD2CD4914B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Free
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3978063606-0
                                                                                                                      • Opcode ID: 99c7829f09a5c78c67ae0b713d3d91cb04d237d0367d97be12d496e7a1f6d673
                                                                                                                      • Instruction ID: f569387ff5019cb2757ed9bcc98c0036ef24ac529c62555690a2e1ffdc31eab4
                                                                                                                      • Opcode Fuzzy Hash: 99c7829f09a5c78c67ae0b713d3d91cb04d237d0367d97be12d496e7a1f6d673
                                                                                                                      • Instruction Fuzzy Hash: 7EC01265F0500387F7082339E8E626D11506F4A311F90C034E90EC26D2DD0CD8998700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA049AD000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: strspn$strncmp$strcspn
                                                                                                                      • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Expecting: $Proc-Type:
                                                                                                                      • API String ID: 232339659-387852012
                                                                                                                      • Opcode ID: cdb6180bfdd474a00b40804c173568adf5c4176b07c75176ed43ab95955d923e
                                                                                                                      • Instruction ID: ad09c130b1d4caf4fd38bca27cb8adab30af1c840e5c6f1f8eed1cb93d4fc7e6
                                                                                                                      • Opcode Fuzzy Hash: cdb6180bfdd474a00b40804c173568adf5c4176b07c75176ed43ab95955d923e
                                                                                                                      • Instruction Fuzzy Hash: 5BF19925F1CA129AFB54DB72F4D02B923A1BB4AB88F508032DE4D57A95EF3CE546C740
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide_errno$FileFind$ErrorFirstLastNextfreemallocmemset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3372420414-0
                                                                                                                      • Opcode ID: 3d8f240a4f90c780c6746068f38d3319f7b472bfe65928556dd2a935678a57e1
                                                                                                                      • Instruction ID: 369b367f71db8639cf0c9b7241ef19434703ba54fa5c2ad5508558526440e3bf
                                                                                                                      • Opcode Fuzzy Hash: 3d8f240a4f90c780c6746068f38d3319f7b472bfe65928556dd2a935678a57e1
                                                                                                                      • Instruction Fuzzy Hash: 7AB1B126A18B8286EB148F35E48427D77A4FB4ABA5F94C336DE5D43792EF3CD4918340
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentVariable$ByteCharMultiWide
                                                                                                                      • String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
                                                                                                                      • API String ID: 2184640988-1666712896
                                                                                                                      • Opcode ID: 9bdffb1b50c3161ebfeb316bcddf5aa0d76d079b0f97c82e6ecc90dc1062e570
                                                                                                                      • Instruction ID: 22dde97422661b1ea20e26845a222cd8b3069c9c89956b91dd45575e2f1f92c8
                                                                                                                      • Opcode Fuzzy Hash: 9bdffb1b50c3161ebfeb316bcddf5aa0d76d079b0f97c82e6ecc90dc1062e570
                                                                                                                      • Instruction Fuzzy Hash: 0261D226B19F8255EB148F35B89027A67A1FB5BBA4B58C231EE1E47BD4DF3DE0458300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetTempPathW.KERNEL32(?,00000000,?,00007FF69C7858AD), ref: 00007FF69C78597A
                                                                                                                      • GetCurrentProcessId.KERNEL32(?,00007FF69C7858AD), ref: 00007FF69C785980
                                                                                                                        • Part of subcall function 00007FF69C785AF0: GetEnvironmentVariableW.KERNEL32(00007FF69C782817,?,?,?,?,?,?), ref: 00007FF69C785B2A
                                                                                                                        • Part of subcall function 00007FF69C785AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C785B47
                                                                                                                        • Part of subcall function 00007FF69C796818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C796831
                                                                                                                      • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF69C785A31
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                                                                      • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                      • API String ID: 1556224225-1116378104
                                                                                                                      • Opcode ID: a44a740facdf1d92c96cc1d57dfc7a24484df9c802c516da767de91bd523a684
                                                                                                                      • Instruction ID: d196886341a172073c2c1c236493b01240bb6e7a1a32bf8cb622c584774ccf67
                                                                                                                      • Opcode Fuzzy Hash: a44a740facdf1d92c96cc1d57dfc7a24484df9c802c516da767de91bd523a684
                                                                                                                      • Instruction Fuzzy Hash: 92518120B0D64350FEB4A722A9D66FA52B1EF85BD0F8440B1EE0ECFB96ED2DE5014710
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 313767242-0
                                                                                                                      • Opcode ID: a2d914222e0312e5cf461600ac8b059d6c61fa3806f1dd2a9609d900ee9212fe
                                                                                                                      • Instruction ID: 9dfe896d202e562773baf7687a27933b9aea42100d24a2453155f7b9bbd384cf
                                                                                                                      • Opcode Fuzzy Hash: a2d914222e0312e5cf461600ac8b059d6c61fa3806f1dd2a9609d900ee9212fe
                                                                                                                      • Instruction Fuzzy Hash: 40316E72A08B8195EB649F70F8803EE7364FB96748F44803ADA4E47B95DF38D588C704
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3140674995-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A4EE5
                                                                                                                        • Part of subcall function 00007FF69C7A4838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A484C
                                                                                                                        • Part of subcall function 00007FF69C799F78: HeapFree.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F8E
                                                                                                                        • Part of subcall function 00007FF69C799F78: GetLastError.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F98
                                                                                                                        • Part of subcall function 00007FF69C799F30: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF69C799F0F,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C799F39
                                                                                                                        • Part of subcall function 00007FF69C799F30: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF69C799F0F,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C799F5E
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A4ED4
                                                                                                                        • Part of subcall function 00007FF69C7A4898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A48AC
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A514A
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A515B
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A516C
                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69C7A53AC), ref: 00007FF69C7A5193
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4070488512-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1239891234-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2227656907-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A514A
                                                                                                                        • Part of subcall function 00007FF69C7A4898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A48AC
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A515B
                                                                                                                        • Part of subcall function 00007FF69C7A4838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A484C
                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF69C7A516C
                                                                                                                        • Part of subcall function 00007FF69C7A4868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C7A487C
                                                                                                                        • Part of subcall function 00007FF69C799F78: HeapFree.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F8E
                                                                                                                        • Part of subcall function 00007FF69C799F78: GetLastError.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F98
                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69C7A53AC), ref: 00007FF69C7A5193
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3458911817-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896415046.00007FFA04C54000.00000002.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896300349.00007FFA04910000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA0491D000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA04975000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA04989000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA04999000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA049AD000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA04B5D000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896372074.00007FFA04B5F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896372074.00007FFA04B8A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896372074.00007FFA04BBC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896372074.00007FFA04BE1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896404191.00007FFA04C2F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896409348.00007FFA04C35000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896415046.00007FFA04C37000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896415046.00007FFA04C54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896415046.00007FFA04C58000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a46b17bfff405d911cbf0ed16f10332b4be66aad2a683c4b6cb6413eca26ac33
                                                                                                                      • Instruction ID: 19a26049dca176ed6b9d641e5efaa60cbb3a85de6cd96726e1f970628e8a6d26
                                                                                                                      • Opcode Fuzzy Hash: a46b17bfff405d911cbf0ed16f10332b4be66aad2a683c4b6cb6413eca26ac33
                                                                                                                      • Instruction Fuzzy Hash: CDF0E2723283E105CB95CB36B448FA92ED5A392BC8F22C030ED0CC3F44E92EC6118B80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 47cb47f2231c500fe69675262d211844ffd3893697c7c00b0061ec7b87a542e7
                                                                                                                      • Instruction ID: 4f3366b4027d215117dc4475e9f8dc17b3f5e8c1e71d125a1963d4b8a8345acb
                                                                                                                      • Opcode Fuzzy Hash: 47cb47f2231c500fe69675262d211844ffd3893697c7c00b0061ec7b87a542e7
                                                                                                                      • Instruction Fuzzy Hash: 09E01AB67183B445D756CA362508E6A6ED4B716BC9F43C1309D0D83A85E92EDA118B80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d97060366a19393a5f378523a58d3a9988204d3c9b3160ae50f75094774aa8b0
                                                                                                                      • Instruction ID: c5eec27e354d5fc88966ac459948f243886a76b2183464033d7a7672f5a983f9
                                                                                                                      • Opcode Fuzzy Hash: d97060366a19393a5f378523a58d3a9988204d3c9b3160ae50f75094774aa8b0
                                                                                                                      • Instruction Fuzzy Hash: 1CA002E8B14655296EA41371228977405032A4A3C68E2D970986D111445A1D61609190
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782F36
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782F75
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782F9A
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782FBF
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C782FE7
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C78300F
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C783037
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C78305F
                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF69C7822DE,?,?,?,?), ref: 00007FF69C783087
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc
                                                                                                                      • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to 
get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                      • API String ID: 190572456-3109299426
                                                                                                                      • Opcode ID: 3d8788b48c699204fb620db4b6681a167f3e5177f9efbc96361098fa63709e71
                                                                                                                      • Instruction ID: 812d85f795bf98af3192a6102106c999bc46628bc88f04f8d4020d2389525e95
                                                                                                                      • Opcode Fuzzy Hash: 3d8788b48c699204fb620db4b6681a167f3e5177f9efbc96361098fa63709e71
                                                                                                                      • Instruction Fuzzy Hash: 61429964A0EB0391FB759B19A89057523B1EF987A1F8451B5C94E8E3A8FFBCF548D300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                      • API String ID: 2238633743-1453502826
                                                                                                                      • Opcode ID: e0502fcf1b420640f725b5f986344d9b1d5f93aef03ede1fdd1d364c869fabcf
                                                                                                                      • Instruction ID: 1df2f5637ebe68a0ab7c2917195bc07d4f65725a065d493525a30e05c4177ee6
                                                                                                                      • Opcode Fuzzy Hash: e0502fcf1b420640f725b5f986344d9b1d5f93aef03ede1fdd1d364c869fabcf
                                                                                                                      • Instruction Fuzzy Hash: 39E1D664A4EB03A0FFB5DB15A89057523B9EF847A1F9450B1C90E8E3A4FF7CE6489350
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC4241
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC4258
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC426F
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC42A2
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC42EB
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC431F
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC4371
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC4384
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC439B
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC43AE
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC43C5
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC43D8
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC43EF
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC4402
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC4415
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC4428
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC443B
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC4487
                                                                                                                      • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFA04AC4E33,?,?,?,?,?,?,?,?,00007FFA04AC2E4B), ref: 00007FFA04AC44B2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA049AD000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: strcmp
                                                                                                                      • String ID: ANY PRIVATE KEY$CERTIFICATE$CERTIFICATE REQUEST$CMS$DH PARAMETERS$ENCRYPTED PRIVATE KEY$NEW CERTIFICATE REQUEST$PARAMETERS$PKCS #7 SIGNED DATA$PKCS7$PRIVATE KEY$TRUSTED CERTIFICATE$X509 CERTIFICATE$X9.42 DH PARAMETERS
                                                                                                                      • API String ID: 1004003707-1119032718
                                                                                                                      • Opcode ID: 5faaf54baf5283146832f0d94d5468780e9adc20c66d13194ea508598b332b28
                                                                                                                      • Instruction ID: 55b53346618ad298f90eb10a8a8dc9ac585c43f1382650c9d6712f8cd17f55f1
                                                                                                                      • Opcode Fuzzy Hash: 5faaf54baf5283146832f0d94d5468780e9adc20c66d13194ea508598b332b28
                                                                                                                      • Instruction Fuzzy Hash: A191A061E1C74741FE909735B6E13B86BD1BF5BB98FA4D131DD5E862C6EE1CE4028204
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite__stdio_common_vsprintf__stdio_common_vswprintf
                                                                                                                      • String ID: $OpenSSL$OpenSSL: FATAL$no stack?
                                                                                                                      • API String ID: 2603057392-2963566556
                                                                                                                      • Opcode ID: 75131406242315063b9eb8b61f751d263e868ede2efdb133bf2f38d68100ef13
                                                                                                                      • Instruction ID: 1be321a5cec9be9e7a172110df10779763e6673e260218cb81e99c8dbf690c69
                                                                                                                      • Opcode Fuzzy Hash: 75131406242315063b9eb8b61f751d263e868ede2efdb133bf2f38d68100ef13
                                                                                                                      • Instruction Fuzzy Hash: 0591C832A18B8295EB208F34F8941AD3760FB46795F508636EE5D07BA5EF3CE295C300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF69C786C2C
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharErrorLastMultiWide
                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                                                                      • API String ID: 203985260-1562484376
                                                                                                                      • Opcode ID: 4738581143a7505b28abcd57c7c993806daa07168fe16da415c29e9b13c2df9d
                                                                                                                      • Instruction ID: aab28ed93c1552d7963066554f37fca52049163a1e58b71a6c7a47888677505d
                                                                                                                      • Opcode Fuzzy Hash: 4738581143a7505b28abcd57c7c993806daa07168fe16da415c29e9b13c2df9d
                                                                                                                      • Instruction Fuzzy Hash: 41419531A0CA4392EB30DB22AC8147A66B5EF84BE0F544575DA4DDFBA5EF3CE1018710
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: strcmp$strncmp
                                                                                                                      • String ID: ..\s\crypto\asn1\asn_mime.c$application/pkcs7-mime$application/pkcs7-signature$application/x-pkcs7-mime$application/x-pkcs7-signature$boundary$content-type$multipart/signed$type:
                                                                                                                      • API String ID: 1244041713-3630080479
                                                                                                                      • Opcode ID: 4402babdf5a97c3aa5dced0622e991af631daa283e52cc8ca4ab059d2da87997
                                                                                                                      • Instruction ID: c1451c41f07d129357baa7fd5c0d79ae59f780ffc4f7d01be9516d95a93161b6
                                                                                                                      • Opcode Fuzzy Hash: 4402babdf5a97c3aa5dced0622e991af631daa283e52cc8ca4ab059d2da87997
                                                                                                                      • Instruction Fuzzy Hash: 89C15A69E0C64681FA24EB75B4826B96391BF4B7C4F84C036ED4D077A6EF3CE5458B04
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ..\s\crypto\rand\randfile.c$Filename=$i
                                                                                                                      • API String ID: 0-1799673945
                                                                                                                      • Opcode ID: a6f02dfeb70ef61c0ee9e9694ab8847aa61750c054584c333bcf1208030ac0cf
                                                                                                                      • Instruction ID: 1a17e5c65ccccd411486c183aea5fcaad4b066bba8efbe32013137e27cf2d9cb
                                                                                                                      • Opcode Fuzzy Hash: a6f02dfeb70ef61c0ee9e9694ab8847aa61750c054584c333bcf1208030ac0cf
                                                                                                                      • Instruction Fuzzy Hash: 33517D61A1CE4296F620AB71F8C06BA33A1FF87B81F508135DE4E4A695EF3DE5458740
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                      • API String ID: 0-666925554
                                                                                                                      • Opcode ID: d23745dbb29aacf55713ee76ee326d5d10be18b675361fcf35689298bd2de325
                                                                                                                      • Instruction ID: 4c94d35def0a009d1faccd2c0276ab7def22e32ed4fac8922470fc154cfa1be8
                                                                                                                      • Opcode Fuzzy Hash: d23745dbb29aacf55713ee76ee326d5d10be18b675361fcf35689298bd2de325
                                                                                                                      • Instruction Fuzzy Hash: 18516961B0864382EA309B21E494AB963B0EF85BE4F4545B1DE5DCF6D6EE3CE6458700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                      • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                      • API String ID: 4998090-2855260032
                                                                                                                      • Opcode ID: e3ae2089cc123d46b594be8ff950cb64da25cc15db14cd9a57b660644dd56c7b
                                                                                                                      • Instruction ID: 9900d8a1313bdb661cd84358a3db4f2ca9bd4f79cdbb4d26980f259d1d7c0207
                                                                                                                      • Opcode Fuzzy Hash: e3ae2089cc123d46b594be8ff950cb64da25cc15db14cd9a57b660644dd56c7b
                                                                                                                      • Instruction Fuzzy Hash: D341723161C78392EB609F61E4846AE7371FB84BA4F540271EA5E8BAD5EF3CD549CB00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: strchr
                                                                                                                      • String ID: ..\s\crypto\ocsp\ocsp_lib.c$/$/$443$[$http$https
                                                                                                                      • API String ID: 2830005266-535551730
                                                                                                                      • Opcode ID: 8209eae5f3730bba32479bddf96a5152b557427ea594da94681f58c3af32064b
                                                                                                                      • Instruction ID: 8e3fa88d7c9c08ed04a9eee77d0e9161b9833d65101955b41e8faa8569a9087a
                                                                                                                      • Opcode Fuzzy Hash: 8209eae5f3730bba32479bddf96a5152b557427ea594da94681f58c3af32064b
                                                                                                                      • Instruction Fuzzy Hash: A1617A26A1DB4691FA11DB31F4906792BA1BB8BB90F94C035DE4E07792EE3DE949C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindowwcsstr
                                                                                                                      • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                      • API String ID: 459917433-1672312481
                                                                                                                      • Opcode ID: 79db5ee4ce9dc6ccf9bd915a9b468d2fbd35849815718b4b7a41fc8616343fad
                                                                                                                      • Instruction ID: 3052d64164f94d0f49b964a863fcdd1b389bdab82dfcb1040ffa091cdbb2006b
                                                                                                                      • Opcode Fuzzy Hash: 79db5ee4ce9dc6ccf9bd915a9b468d2fbd35849815718b4b7a41fc8616343fad
                                                                                                                      • Instruction Fuzzy Hash: 0D414D22A15A825AEB649B34F8802A93390FF4A7B8F58C735ED7D467E4DF2CF1448200
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(WideCharToMultiByte,00007FF69C781CE4,?,?,00000000,00007FF69C786904), ref: 00007FF69C786697
                                                                                                                      • FormatMessageW.KERNEL32 ref: 00007FF69C7866C6
                                                                                                                      • WideCharToMultiByte.KERNEL32 ref: 00007FF69C78671C
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                      • API String ID: 2383786077-2573406579
                                                                                                                      • Opcode ID: ee4750cad08e904e569e44cd6da303e01fcfffc44399732fd87d74f29f2688a4
                                                                                                                      • Instruction ID: 18b264645dd52d94773c5ad3a2bc2e2a7a92fdee265db8bb7fd4f4d4a40c4e20
                                                                                                                      • Opcode Fuzzy Hash: ee4750cad08e904e569e44cd6da303e01fcfffc44399732fd87d74f29f2688a4
                                                                                                                      • Instruction Fuzzy Hash: E1218331A0CA43A2FB709B15E89467623B5FF88394F840175E64DCA6A4EF3CD149C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA049AD000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: strncmp
                                                                                                                      • String ID: %-8d$, path=$, retcode=$, value=$..\s\crypto\conf\conf_mod.c$OPENSSL_finish$OPENSSL_init$module=$path
                                                                                                                      • API String ID: 1114863663-3652895664
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID: f$f$p$p$f
                                                                                                                      • API String ID: 3215553584-1325933183
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HandleModule$AddressProc
                                                                                                                      • String ID: OPENSSL_Applink$OPENSSL_Uplink(%p,%02X): $_ssl.pyd$_ssl_d.pyd
                                                                                                                      • API String ID: 1883125708-1130596517
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                      • String ID: CreateProcessW$Error creating child process!
                                                                                                                      • API String ID: 2895956056-3524285272
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: strcmpstrncmpstrtoul
                                                                                                                      • String ID: MASK:$default$nombstr$pkix$utf8only
                                                                                                                      • API String ID: 1175158921-3483942737
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                      • String ID: csm$csm$csm
                                                                                                                      • API String ID: 849930591-393685449
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C78685F
                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C7868AF
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                      • API String ID: 626452242-27947307
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF69C782D35,?,?,?,?,?,?), ref: 00007FF69C786F01
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF69C782D35,?,?,?,?,?,?), ref: 00007FF69C786F75
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                      • API String ID: 1717984340-27947307
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA049AD000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: memsetstrncpy
                                                                                                                      • String ID: , failure codes: $, status text: $..\s\crypto\ts\ts_rsp_verify.c$status code: $unknown code$unspecified
                                                                                                                      • API String ID: 388311670-2553778726
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID: f$p$p
                                                                                                                      • API String ID: 3215553584-1995029353
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                      • API String ID: 626452242-876015163
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnvironmentVariable
                                                                                                                      • String ID: OPENSSL_ia32cap$~$~$~$~
                                                                                                                      • API String ID: 1431749950-1981414212
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00007FF69C786DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C786DEA
                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF69C78592F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF69C78563F
                                                                                                                      Strings
                                                                                                                      • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF69C785616
                                                                                                                      • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF69C785653
                                                                                                                      • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF69C78569A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                      • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                      • API String ID: 2001182103-3498232454
                                                                                                                      • Opcode ID: 1f426a93b6cac929cbf670ac030889d357a0e2c62746adcecc4bd95078451b9f
                                                                                                                      • Instruction ID: 0f727a603e48187ea96aa6adf0c5135f06e773f8889cf4704b9a31a6aaef1533
                                                                                                                      • Opcode Fuzzy Hash: 1f426a93b6cac929cbf670ac030889d357a0e2c62746adcecc4bd95078451b9f
                                                                                                                      • Instruction Fuzzy Hash: 5131A151B1878391FE74E721A9957FA62B1EF987D0F8440B1DB0ECA7CAEE2CE1048700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C2CD
                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C2DB
                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C305
                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C34B
                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF69C78C4FA,?,?,?,00007FF69C78C1EC,?,?,00000001,00007FF69C78BE09), ref: 00007FF69C78C357
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                      • String ID: api-ms-
                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                      • Opcode ID: 9ce77a0163c425c367fd7c26c9c82fe5a817cd2dfec158d19dd861a4531b58f3
                                                                                                                      • Instruction ID: 695446846950c36980bdaa6a75cbe7a4dbe1d970861576f7db693a9b32d94da4
                                                                                                                      • Opcode Fuzzy Hash: 9ce77a0163c425c367fd7c26c9c82fe5a817cd2dfec158d19dd861a4531b58f3
                                                                                                                      • Instruction Fuzzy Hash: EE31A221A1AA4381EE729B03A88097933B4FF49BA0F594575DF1DCE794EF3CE4468701
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _chmod_stat64i32fclosefwrite
                                                                                                                      • String ID: ..\s\crypto\rand\randfile.c$Filename=
                                                                                                                      • API String ID: 4260490851-2201148535
                                                                                                                      • Opcode ID: 6f88aa77b3787b65bf21e9a5eb4250f5c66180b7d9e03cb661efe32528626253
                                                                                                                      • Instruction ID: 82418e289a3c0860f2e2d2622b263f6329b3554058e737d0a9f62415fe8afb09
                                                                                                                      • Opcode Fuzzy Hash: 6f88aa77b3787b65bf21e9a5eb4250f5c66180b7d9e03cb661efe32528626253
                                                                                                                      • Instruction Fuzzy Hash: 2A319C61A1CA4296FA20DB71F8C03AA7360FF8B784F508136DE1E076A5EF3CE5448704
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C786DEA
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF69C786E70
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                      • API String ID: 1717984340-876015163
                                                                                                                      • Opcode ID: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                                                                      • Instruction ID: 773d328be5bb8a7d1884ea5e4ce3dce83d5b03a8b501ceb34cddba7b2c6b0298
                                                                                                                      • Opcode Fuzzy Hash: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                                                                      • Instruction Fuzzy Hash: EE219421B0CA4392EB60CB29F84016AA7B5FF847D4F584171DB4CDBBA9EF2DD5518700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A78F
                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A7A4
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A7C5
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A7F2
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A803
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A814
                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F,?,?,?,00007FF69C799473), ref: 00007FF69C79A82F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2506987500-0
                                                                                                                      • Opcode ID: 18f3002092cfe72e97dbd1152696bac8a013db82aebdf5a8fd3e30e3113208b9
                                                                                                                      • Instruction ID: 945c0c4ba0a8070e4c1519bec8a0d23a0843dad74a1f7d14b573633526b7094f
                                                                                                                      • Opcode Fuzzy Hash: 18f3002092cfe72e97dbd1152696bac8a013db82aebdf5a8fd3e30e3113208b9
                                                                                                                      • Instruction Fuzzy Hash: 73214928E0A64342FA79A372554257A62B2DF447F0F1447B4E93ECFBCADE2CA5424601
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                      • String ID: CONOUT$
                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                      • Opcode ID: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                                                                      • Instruction ID: 8105b47e434e6fdb60564a30745cad324afa14decacf60b70fa986c83ac4cbcd
                                                                                                                      • Opcode Fuzzy Hash: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                                                                      • Instruction Fuzzy Hash: DB116D22B18A4386F7608B52E85432A63B5FBD8BF4F044274EA5ECB794DF7CD9048B40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A907
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A93D
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A96A
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A97B
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A98C
                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF69C796091,?,?,?,?,00007FF69C79DF1F,?,?,00000000,00007FF69C79AA16,?,?,?), ref: 00007FF69C79A9A7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2506987500-0
                                                                                                                      • Opcode ID: d32a125ae759e39c7b8e4d5e6f0b4fb50da111d566cec233ea9a1091c6451b16
                                                                                                                      • Instruction ID: 713c2e6ddee4a4ef0360ffd0b782da6083df769e1edc38ac99886e0f12bfc99e
                                                                                                                      • Opcode Fuzzy Hash: d32a125ae759e39c7b8e4d5e6f0b4fb50da111d566cec233ea9a1091c6451b16
                                                                                                                      • Instruction Fuzzy Hash: 0311A928B0E60342FA74A322958113E66B2EF857F0F1587B4E86ECF7DADE2CE5404201
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                      • String ID: csm$f
                                                                                                                      • API String ID: 2395640692-629598281
                                                                                                                      • Opcode ID: e4cc0f9b1589dd73a5d4f416534ce71b9b3e94dd2aede877d85d93aa73312820
                                                                                                                      • Instruction ID: 62379d6ededb6ceabdd41a0ae9d44b20d92b405c4e54963a93525878d07127d6
                                                                                                                      • Opcode Fuzzy Hash: e4cc0f9b1589dd73a5d4f416534ce71b9b3e94dd2aede877d85d93aa73312820
                                                                                                                      • Instruction Fuzzy Hash: C351A132A196039AEB34CF15E884E7937B5FB44B88F5481B0DB5E8B788DF38E8418710
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                      • Opcode ID: 78a1a69aac29132cf000f84d0d5f993c26bceca4d1e4e1c3cfa2e89eec15c9a9
                                                                                                                      • Instruction ID: a7e096e0638b4bdddda5ab292ba089c14d9e4a3198cec82ed530b6cab724512f
                                                                                                                      • Opcode Fuzzy Hash: 78a1a69aac29132cf000f84d0d5f993c26bceca4d1e4e1c3cfa2e89eec15c9a9
                                                                                                                      • Instruction Fuzzy Hash: 5AF06D21A09B0382EB308B25E84437A6370FF897B1F544679CA6E8D2E4DF2DD588C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: memmovestrncpy
                                                                                                                      • String ID: ..\s\crypto\x509\x509_obj.c$0123456789ABCDEF$NO X509_NAME
                                                                                                                      • API String ID: 3054264757-3422593365
                                                                                                                      • Opcode ID: 98ecf5c9d8545d32cde30c32ae29478d074958ef4f694f834b457a1a01604372
                                                                                                                      • Instruction ID: 8fd09449878f39f584bb2fe7693ce2a7ae49ae535ee268ecdb366c09e1b52ed2
                                                                                                                      • Opcode Fuzzy Hash: 98ecf5c9d8545d32cde30c32ae29478d074958ef4f694f834b457a1a01604372
                                                                                                                      • Instruction Fuzzy Hash: 5FB1D366A0868686EB108B3AF5C037AB790FB9B784F18C135DE8D47799DF7CE4468700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: memchr
                                                                                                                      • String ID: ..\s\crypto\x509v3\v3_utl.c$E$FALSE$TRUE
                                                                                                                      • API String ID: 3297308162-1433594941
                                                                                                                      • Opcode ID: 1138ef5b296fe60377b5a7d11e77cc735befd3a97223ed11516b4f42105e1e84
                                                                                                                      • Instruction ID: 11401a69b1b1ad371dcf4c724653d9b223172c3482383ab2f667f0e97534ca53
                                                                                                                      • Opcode Fuzzy Hash: 1138ef5b296fe60377b5a7d11e77cc735befd3a97223ed11516b4f42105e1e84
                                                                                                                      • Instruction Fuzzy Hash: DA518A26F0AA4295FA51EB76F8803A9A2A0BF4B780F84C435DE8D47795DF3CE5528304
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _set_statfp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1156100317-0
                                                                                                                      • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                      • Instruction ID: cf4ced90179fe206244ecb4af485f2d745637c581cb7d84b39cfa55a9ee04594
                                                                                                                      • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                      • Instruction Fuzzy Hash: 5E114F36E68A1307F77C112AD8453755571EFD83B4E8906B8E96ECE6DBCE2CE8414101
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79A9DF
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79A9FE
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79AA26
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79AA37
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF69C799BD3,?,?,00000000,00007FF69C799E6E,?,?,?,?,?,00007FF69C791A40), ref: 00007FF69C79AA48
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896237859.00007FF69C780000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896250889.00007FF69C7AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7BD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896257678.00007FF69C7CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7CE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000002.00000002.896273733.00007FF69C7E4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Value
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3702945584-0
                                                                                                                      • Opcode ID: d6cb894fe020b95276eac345b1733748ad609d2d97d3b86b730f5eb00f1e0c18
                                                                                                                      • Instruction ID: 305f24f514f4a299c2e7c2ff7f27e1bdd410e8d330957ab3a72e3a1861d191f2
                                                                                                                      • Opcode Fuzzy Hash: d6cb894fe020b95276eac345b1733748ad609d2d97d3b86b730f5eb00f1e0c18
                                                                                                                      • Instruction Fuzzy Hash: C2115124F09A0342FA7853655681179A272EF547F0F1493B4E83ECF7DADE2CF9414601
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A865
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A884
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A8AC
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A8BD
                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF69C7A24B3,?,?,?,00007FF69C79CCEC,?,?,00000000,00007FF69C79386F), ref: 00007FF69C79A8CE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Value
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3702945584-0
                                                                                                                      • Opcode ID: 5454554fca8674492c2962385ed37bd16f798094e248208d99da590e8ffc9404
                                                                                                                      • Instruction ID: dca853f33e46c2f1767b836e95d25298c5897d84791c604454bd6a15bb8f95d5
                                                                                                                      • Opcode Fuzzy Hash: 5454554fca8674492c2962385ed37bd16f798094e248208d99da590e8ffc9404
                                                                                                                      • Instruction Fuzzy Hash: 42111B28F0A60741F9B96376445297A1272CF553B0F2847B4E93ECE3D6EE2CB5434242
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                      • API String ID: 3215553584-1196891531
                                                                                                                      • Opcode ID: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                                                                      • Instruction ID: f83ea21ae3553c48e6fb6f3936923fe905c08252f41daf9b75fedac02ccb37ab
                                                                                                                      • Opcode Fuzzy Hash: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                                                                      • Instruction Fuzzy Hash: 82816B72E08A0389FBB48F29C15127C26B0EB11B88F5588B6DA0DDF695DF3DE9419705
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                      • String ID: MOC$RCC
                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                      • Opcode ID: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                                                                      • Instruction ID: 0a43572af28a39332c3394b6bf140601081d59775eb1873446e3fe2844cacbfc
                                                                                                                      • Opcode Fuzzy Hash: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                                                                      • Instruction Fuzzy Hash: C0615A32A08A468AE720CF65E4807AD77B0FB54B8CF144266EF4D5BB99DF38E555C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                      • String ID: csm$csm
                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                      • Opcode ID: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                                                                      • Instruction ID: 775cd94c1199a2eebdf8c4f1b18ba06e30e2c7315be025dd9e30e1e7f40163f2
                                                                                                                      • Opcode Fuzzy Hash: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                                                                      • Instruction Fuzzy Hash: ED517E329086838BFB748B169588B687BB1FB65B94F1441B6DB9CCBA95CF3CE450C701
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      • Associated: 00000002.00000002.896300349.00007FFA04910000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA0491D000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA04975000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA04989000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA04999000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA049AD000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896305593.00007FFA04B5D000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896372074.00007FFA04B5F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896372074.00007FFA04B8A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896372074.00007FFA04BBC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896372074.00007FFA04BE1000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896404191.00007FFA04C2F000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896409348.00007FFA04C35000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896415046.00007FFA04C37000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896415046.00007FFA04C54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000002.00000002.896415046.00007FFA04C58000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: BIO[%p]: $bio callback - unknown type (%d)
                                                                                                                      • API String ID: 0-3830480438
                                                                                                                      • Opcode ID: 76b22bc3b440f725fb9f88c8a8d155368ed9d030df80797cf3a92c7b727f3807
                                                                                                                      • Instruction ID: 90a2208bd83d920b54c0f652356a7aad64589cc514fcd89b9741036f11469f1a
                                                                                                                      • Opcode Fuzzy Hash: 76b22bc3b440f725fb9f88c8a8d155368ed9d030df80797cf3a92c7b727f3807
                                                                                                                      • Instruction Fuzzy Hash: CE31D466B08A8156F7119B75B8C07BA6A60BF8B7C4F44C036EF0E837A5DE3CE485C600
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ..\s\crypto\bio\b_sock.c$J$host=
                                                                                                                      • API String ID: 0-1729655730
                                                                                                                      • Opcode ID: 941f2fbceea9f6781c3ad95e534017a9b341198856a0048fa999bb3705f921b3
                                                                                                                      • Instruction ID: 355c38cc981ba0fd052750c3a8e6c0e2eb47390384bded3e7c93049ea66fdbd8
                                                                                                                      • Opcode Fuzzy Hash: 941f2fbceea9f6781c3ad95e534017a9b341198856a0048fa999bb3705f921b3
                                                                                                                      • Instruction Fuzzy Hash: AC31706AA08A4282EB10EB75F48116EA360FB8A7D4F404435EF4D47BAADF7DD545CB04
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF69C7827C9,?,?,?,?,?,?), ref: 00007FF69C782D01
                                                                                                                        • Part of subcall function 00007FF69C781CB0: GetLastError.KERNEL32(?,?,00000000,00007FF69C786904,?,?,?,?,?,?,?,?,?,?,?,00007FF69C781023), ref: 00007FF69C781CD7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFileLastModuleName
                                                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                      • API String ID: 2776309574-1977442011
                                                                                                                      • Opcode ID: fa74f7d49a5bba7cfca93e60cd70646f34d32484488c9266ff3ae070a385e0ea
                                                                                                                      • Instruction ID: f28c9059042fa1a9d6186a5a71bb76328b74b9f945189be5c96326d450e6c853
                                                                                                                      • Opcode Fuzzy Hash: fa74f7d49a5bba7cfca93e60cd70646f34d32484488c9266ff3ae070a385e0ea
                                                                                                                      • Instruction Fuzzy Hash: C1016761F1C64391FB719720D8967B51271EF587D5F4000B2DA4DCE696EE1CE3448B10
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA049AD000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: memcmp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1475443563-0
                                                                                                                      • Opcode ID: ca894cce3bd78d2642ea1bcb458eb66fcd1cc6eb7eacde8df9891b13e2823d55
                                                                                                                      • Instruction ID: 6f8e9d651c3c8197555c990f42d2eff747577cb77c77d69e0ebfd8d48cc79c03
                                                                                                                      • Opcode Fuzzy Hash: ca894cce3bd78d2642ea1bcb458eb66fcd1cc6eb7eacde8df9891b13e2823d55
                                                                                                                      • Instruction Fuzzy Hash: BA916CA2B0865385FB109B77E9C16B963A5FB477C9F40D032DE0D9BA99EE78F4458300
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2718003287-0
                                                                                                                      • Opcode ID: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                                                                      • Instruction ID: 51a4103cf263da92c7f758f83134d3bcc0b6961bc0a408c4ecfcdc82875dc75d
                                                                                                                      • Opcode Fuzzy Hash: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                                                                      • Instruction Fuzzy Hash: D1D1EF72B18A8289EB20CF69D4402AC37B5FB54BD8F104276DE5E9BBD9DE38D416C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$..\s\crypto\evp\p5_crpt.c
                                                                                                                      • API String ID: 0-3563398421
                                                                                                                      • Opcode ID: 3447cb7305a06ee0e73fa9c8685d2ef131f742793ef80daca158727beab2407e
                                                                                                                      • Instruction ID: cd296eec1ce6fbe13b4b85648e1037ba1aa4fdbca25cb1e88f65c920f46ee65d
                                                                                                                      • Opcode Fuzzy Hash: 3447cb7305a06ee0e73fa9c8685d2ef131f742793ef80daca158727beab2407e
                                                                                                                      • Instruction Fuzzy Hash: 65917266A2C68386EB60DB35F4816BA63A0FF867C0F54C132EE5D47A95DF3CE9458700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _get_daylight$_isindst
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4170891091-0
                                                                                                                      • Opcode ID: 993f4cb53d01987759aa9ab87d439edc94425a62c6450610c4994d1423bcdf7f
                                                                                                                      • Instruction ID: 737130feb984716d3935bcb61e6769aca781d8bd6de67c4c855c3c4c4b24b1f4
                                                                                                                      • Opcode Fuzzy Hash: 993f4cb53d01987759aa9ab87d439edc94425a62c6450610c4994d1423bcdf7f
                                                                                                                      • Instruction Fuzzy Hash: 2B51D772F046138AFB38CF249955ABC67B1FB513A9F640175DD1E9AAE5EF38A401C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2780335769-0
                                                                                                                      • Opcode ID: 1291a0862dc251a0f1dda952d285f4a36c3dc69b0fb142e3468d3d288eb0a289
                                                                                                                      • Instruction ID: 0c03340af403493be60365e1ff8131f7c7eba15252cc720c37263a79877a728e
                                                                                                                      • Opcode Fuzzy Hash: 1291a0862dc251a0f1dda952d285f4a36c3dc69b0fb142e3468d3d288eb0a289
                                                                                                                      • Instruction Fuzzy Hash: 1A517A32E086428AFB60DF71D4513BD27B1EB48BA8F108175DE4D9B689DF38D4818764
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: strcmp
                                                                                                                      • String ID: ..\s\crypto\pem\pem_pkey.c$DH PARAMETERS$X9.42 DH PARAMETERS
                                                                                                                      • API String ID: 1004003707-3633731555
                                                                                                                      • Opcode ID: cde1f461eecae850271a1f819954f4aaec1b1493597ec814a2443f0875c5bd28
                                                                                                                      • Instruction ID: 69fe0efa8f883e984b0f5dc8c286f0cd2d088afb6019dd7c884f1766eb9787c7
                                                                                                                      • Opcode Fuzzy Hash: cde1f461eecae850271a1f819954f4aaec1b1493597ec814a2443f0875c5bd28
                                                                                                                      • Instruction Fuzzy Hash: D0217465A0CA4681EA50EB75F4C02AAA3A0FF867D4F508435EE8C47765EF7DE145CB00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: memmovememset
                                                                                                                      • String ID: $$..\s\crypto\rsa\rsa_none.c
                                                                                                                      • API String ID: 1288253900-779172340
                                                                                                                      • Opcode ID: de5f583c7a3756590fc2426c2a0cc6b33ad44590f8bf8e756a1bf535920b5d69
                                                                                                                      • Instruction ID: d5827f9dffe51e16f10e6240cd39ffb8c6342ed9fe7796f08c066ee660756298
                                                                                                                      • Opcode Fuzzy Hash: de5f583c7a3756590fc2426c2a0cc6b33ad44590f8bf8e756a1bf535920b5d69
                                                                                                                      • Instruction Fuzzy Hash: 7B019E21B1824286E610DF36B9C4069B361FB867D0F58C534FF5C47BAADE3CD5028700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ..\s\crypto\engine\eng_ctrl.c$b
                                                                                                                      • API String ID: 0-1836817417
                                                                                                                      • Opcode ID: 2f64efd3c35e40f30812e63d939679b1a2fc46fb0eca14743626378916f2d28d
                                                                                                                      • Instruction ID: 9f6b38e5fb4088fb5465f0d7ae8a42ce998787e0efa5668dd12ea525cae6eb8d
                                                                                                                      • Opcode Fuzzy Hash: 2f64efd3c35e40f30812e63d939679b1a2fc46fb0eca14743626378916f2d28d
                                                                                                                      • Instruction Fuzzy Hash: 0CE16932B2864282F6348F72F8C47BA26A1BB86784F648135DE8D07B95DF3DE9458704
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                      • String ID: ?
                                                                                                                      • API String ID: 1286766494-1684325040
                                                                                                                      • Opcode ID: 4229e5f7fe21a2344ef9f10fc1703e3254f403fa20c69332239e4488e93ed929
                                                                                                                      • Instruction ID: 1b617bb377a2dc3fff536e46d37011f2a9a313a99b368312aa738e08aa9ec96b
                                                                                                                      • Opcode Fuzzy Hash: 4229e5f7fe21a2344ef9f10fc1703e3254f403fa20c69332239e4488e93ed929
                                                                                                                      • Instruction Fuzzy Hash: 91412222A0C28342FB758B26E40137AA674EBC0BB4F149275EE5C8BAD9DF3DD441C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _time64
                                                                                                                      • String ID: %02d%02d%02d%02d%02d%02dZ$%04d%02d%02d%02d%02d%02dZ
                                                                                                                      • API String ID: 1670930206-2648760357
                                                                                                                      • Opcode ID: 4f01d9f861e9c6c8f70647b046dc82b808f72db07d97631f436a9c698cc874c8
                                                                                                                      • Instruction ID: 22a6414751c9536ab05f0c070b1e968b910d8c7bd7cd6db5fc10125ebd7802b2
                                                                                                                      • Opcode Fuzzy Hash: 4f01d9f861e9c6c8f70647b046dc82b808f72db07d97631f436a9c698cc874c8
                                                                                                                      • Instruction Fuzzy Hash: 9F516576A1C7818AE760DF75F58026AB7A0FB8A780F448135EE8D87B59DF3CE4408B40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: getaddrinfo
                                                                                                                      • String ID: ..\s\crypto\bio\b_addr.c
                                                                                                                      • API String ID: 300660673-2547254400
                                                                                                                      • Opcode ID: a2c99f71c7972fb3b7ba828c59694e00382d0b8ec626129309ba30accd8ab733
                                                                                                                      • Instruction ID: 27dd89ed3d9aec6af68d3721128c8200536fe860b867b2f108ae951059bfe579
                                                                                                                      • Opcode Fuzzy Hash: a2c99f71c7972fb3b7ba828c59694e00382d0b8ec626129309ba30accd8ab733
                                                                                                                      • Instruction Fuzzy Hash: 67419376A18A8287E750DF76B8806BA7750FB86780F508135EE8D47B99DF3CE845CB40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF69C798002
                                                                                                                        • Part of subcall function 00007FF69C799F78: HeapFree.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F8E
                                                                                                                        • Part of subcall function 00007FF69C799F78: GetLastError.KERNEL32(?,?,?,00007FF69C7A1EC2,?,?,?,00007FF69C7A1EFF,?,?,00000000,00007FF69C7A23C5,?,?,00000000,00007FF69C7A22F7), ref: 00007FF69C799F98
                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF69C78A485), ref: 00007FF69C798020
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                      • String ID: C:\Users\user\Desktop\yk2Eh24FDd.exe
                                                                                                                      • API String ID: 3580290477-2036403294
                                                                                                                      • Opcode ID: 83176ff4db4dd0536c3ddf35c800fe3e17928d2d4ec44ff73abd72510ae6e28f
                                                                                                                      • Instruction ID: 0e3a8ad85c4a4e9380b5d05808d319c8a59c0cd83370ab0029a33f79cec702ca
                                                                                                                      • Opcode Fuzzy Hash: 83176ff4db4dd0536c3ddf35c800fe3e17928d2d4ec44ff73abd72510ae6e28f
                                                                                                                      • Instruction Fuzzy Hash: 4B415932A48B1386EB24DF25D8810BD67B5EB44BD4F54407AEA4E8BB95DF3DE4918340
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                      • String ID: U
                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                      • Opcode ID: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                                                                      • Instruction ID: fc404df42f8aa4813edb3bb89244fb06482bb987749903460aeb9807dda4e120
                                                                                                                      • Opcode Fuzzy Hash: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                                                                      • Instruction Fuzzy Hash: 7A41A222A18A8285EB20CF65E8443AA77B0FB987D4F844031EE4DCB798EF7CD541C741
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentDirectory
                                                                                                                      • String ID: :
                                                                                                                      • API String ID: 1611563598-336475711
                                                                                                                      • Opcode ID: 94d8cc45f34235f4f8be3872c52168324f921a030aa0c04db91d79f582118158
                                                                                                                      • Instruction ID: 1c2e76ce0d84e6c21405d13e9122dd3a0f837545243a7cece0117e8def877de5
                                                                                                                      • Opcode Fuzzy Hash: 94d8cc45f34235f4f8be3872c52168324f921a030aa0c04db91d79f582118158
                                                                                                                      • Instruction Fuzzy Hash: 3621BF72B0868381FB349B15D44426D73B2FB84B84F958075DA8D8B285DF7DE945CB41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastgetsockname
                                                                                                                      • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                      • API String ID: 566540725-540685895
                                                                                                                      • Opcode ID: 6b4fc8a7a88fb01f9812228e0b07841756f3377f257988557045c535e6cc1a7b
                                                                                                                      • Instruction ID: 96548cbba7fbfde6efdcf1483270e3ce1128f672648b1b96dbb785d60f7fe511
                                                                                                                      • Opcode Fuzzy Hash: 6b4fc8a7a88fb01f9812228e0b07841756f3377f257988557045c535e6cc1a7b
                                                                                                                      • Instruction Fuzzy Hash: C6219DB5A0850686EB20EF75E8846EEB760FF86344F408231EA5C46AA1DF7DE585CB40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 904c1ddc1ac2b7d51a3733fdc4c934fa97721c2ab28c691eea5c0e6f115cc51a
                                                                                                                      • Instruction ID: 4e3873c25a25d1000608a78ded5b7064e2ba9bd692e0542e70d2854d9c0327fc
                                                                                                                      • Opcode Fuzzy Hash: 904c1ddc1ac2b7d51a3733fdc4c934fa97721c2ab28c691eea5c0e6f115cc51a
                                                                                                                      • Instruction Fuzzy Hash: E4C1B576B0868186D720CF69B8847AEB7A1FB89BC4F448136EE8D57B59DF3CD0458B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                      • String ID: csm
                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                      • Opcode ID: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                                                                      • Instruction ID: ae6b4de2b42d77a45cfe86a374d12460a18f4dd408a0674d8c4d58f0bc0f1dd4
                                                                                                                      • Opcode Fuzzy Hash: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                                                                      • Instruction Fuzzy Hash: B5111C36618B4682EB618F15F84026977B5FB88BD4F188271EF8D4BB68DF3CD9518B00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896243887.00007FF69C781000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF69C780000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ff69c780000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                      • String ID: :
                                                                                                                      • API String ID: 2595371189-336475711
                                                                                                                      • Opcode ID: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                                                                      • Instruction ID: f4c1ec7cd04149ecc51985763bb67ae95f34708ef87abd5384c29ad01c512c73
                                                                                                                      • Opcode Fuzzy Hash: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                                                                      • Instruction Fuzzy Hash: 37012172A1CA0386F730AF2494A227E23B0EF44748F80057AD64DCB281DF3CE644CB10
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _time64
                                                                                                                      • String ID: !$..\s\crypto\ct\ct_policy.c
                                                                                                                      • API String ID: 1670930206-3401457818
                                                                                                                      • Opcode ID: bf6d92498a573574c7126317d3c12d718d5fa8c87d7a7d72a88d5f0a64037fc0
                                                                                                                      • Instruction ID: 860a694898cdbe5c2116cb2e380474a28d37ee7ac6329940e4d60298ea4cae54
                                                                                                                      • Opcode Fuzzy Hash: bf6d92498a573574c7126317d3c12d718d5fa8c87d7a7d72a88d5f0a64037fc0
                                                                                                                      • Instruction Fuzzy Hash: 9CF04935B1A60A96EB14AB74E4823AD3390FF46744F948035DE0D067D2EE3CF656DB00
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastioctlsocket
                                                                                                                      • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                      • API String ID: 1021210092-540685895
                                                                                                                      • Opcode ID: 4d68a102142dda0a141e0aa41e49ba71bac8bdbe77c0eb6d10dc70971b8a66ca
                                                                                                                      • Instruction ID: c4f9787188c4e4975f3927e89d57ba402cfda45f2da458d7eeb86c704ebecaa7
                                                                                                                      • Opcode Fuzzy Hash: 4d68a102142dda0a141e0aa41e49ba71bac8bdbe77c0eb6d10dc70971b8a66ca
                                                                                                                      • Instruction Fuzzy Hash: DFE09A64F0850386F7106BB0F884B792210BF0B38AF008130EE0D826A1EF2DA2988A04
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000002.00000002.896305593.00007FFA04911000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFA04910000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_2_2_7ffa04910000_yk2Eh24FDd.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2162964266-0
                                                                                                                      • Opcode ID: c7954e11c4b5c180aee147f19bd23452bbd2d047806da0b6489b870047a3b121
                                                                                                                      • Instruction ID: 7240c1b23e197f14f29b3dc38028194d0d44abafa55675ff02723a7bf89979e1
                                                                                                                      • Opcode Fuzzy Hash: c7954e11c4b5c180aee147f19bd23452bbd2d047806da0b6489b870047a3b121
                                                                                                                      • Instruction Fuzzy Hash: 6A119362A1464196E610DB26F1801AD7360FB467D0F84D531EF5E87BA6EF28E5A5C700
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%