Windows Analysis Report
Modrinth.exe

Overview

General Information

Sample name:Modrinth.exe
Analysis ID:1467847
MD5:21cad48edbc93da2d1e1ab6f6632461a
SHA1:667a584eae5a57937d66d64249c26c8b1b2abf8f
SHA256:32619382ab72416dff258bff30a8b505d6e69e818345612892a121c28f3b23b0
Tags:DCRATexe
Infos:

Detection

DCRat
Score:74
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected DCRat
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates processes via WMI
Drops PE files to the user root directory
Drops PE files with benign system names
Drops executable to a common third party application directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Files With System Process Name In Unsuspected Locations
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Modrinth.exe (PID: 3192 cmdline: "C:\Users\user\Desktop\Modrinth.exe" MD5: 21CAD48EDBC93DA2D1E1AB6F6632461A)
    • Modrinth.exe (PID: 1964 cmdline: "C:\Users\user\AppData\Local\Temp\Modrinth.exe" MD5: 24F86EDBA8782175BB4583A8CA79EA5A)
      • wscript.exe (PID: 1988 cmdline: "C:\Windows\System32\WScript.exe" "C:\intosessionperfcrtSvc\x6qhfc.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
        • cmd.exe (PID: 3692 cmdline: C:\Windows\system32\cmd.exe /c ""C:\intosessionperfcrtSvc\QvJVxLMgIdUXKZXo3vjvMJd9h.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 4372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Componentwebfont.exe (PID: 1308 cmdline: "C:\intosessionperfcrtSvc\Componentwebfont.exe" MD5: 4830C66C5387BFAA6373A25814227C96)
    • msiexec.exe (PID: 5456 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Modrinth App_0.7.1_x64_en-US.msi" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 1476 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 5284 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E9350FF13617C2EDECFDC599F293255F C MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • DVoCIYUveQTPKsllMirxd.exe (PID: 2716 cmdline: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe MD5: 4830C66C5387BFAA6373A25814227C96)
  • DVoCIYUveQTPKsllMirxd.exe (PID: 4436 cmdline: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe MD5: 4830C66C5387BFAA6373A25814227C96)
  • cleanup
{"SCRT": "{\"w\":\"^\",\"T\":\";\",\"A\":\"-\",\"O\":\"%\",\"z\":\"~\",\"J\":\"*\",\"0\":\"(\",\"i\":\"@\",\"d\":\">\",\"j\":\"$\",\"U\":\")\",\"a\":\"#\",\"p\":\"&\",\"n\":\".\",\"I\":\"|\",\"1\":\"!\",\"s\":\"_\",\"h\":\" \",\"R\":\"`\",\"y\":\"<\",\"v\":\",\"}", "PCRT": "{\"k\":\"&\",\"R\":\"_\",\"F\":\"|\",\"1\":\"@\",\"M\":\"$\",\"v\":\"!\",\"U\":\",\",\"a\":\"-\",\"0\":\" \",\"Z\":\"~\",\"V\":\")\",\"Q\":\"`\",\"T\":\">\",\"m\":\"(\",\"E\":\"^\",\"W\":\"<\",\"d\":\";\",\"X\":\"#\",\"L\":\".\",\"B\":\"*\",\"8\":\"%\"}", "TAG": "", "MUTEX": "DCR_MUTEX-7Ye3wPcjuvzlhJoVIUW4", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%AppData% - Very Fast"}, "AS": true, "ASO": false, "AD": false, "H1": "http://cz36357.tw1.ru/@=cDMmNzNiFGO", "H2": "http://cz36357.tw1.ru/@=cDMmNzNiFGO", "T": "0"}
Source | Rule | Description | Author | Strings
00000028.00000002.2226399767.0000000003231000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000008.00000002.2120796404.000000000381D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000028.00000002.2226399767.000000000326E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000027.00000002.2226297047.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000008.00000002.2120796404.0000000003361000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.Modrinth.exe.49e164.4.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

              System Summary

              Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\intosessionperfcrtSvc\Componentwebfont.exe, ProcessId: 1308, TargetFilename: C:\intosessionperfcrtSvc\RuntimeBroker.exe
              Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WScript.exe" "C:\intosessionperfcrtSvc\x6qhfc.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\intosessionperfcrtSvc\x6qhfc.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Modrinth.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Modrinth.exe, ParentProcessId: 1964, ParentProcessName: Modrinth.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\intosessionperfcrtSvc\x6qhfc.vbe" , ProcessId: 1988, ProcessName: wscript.exe
              Timestamp: 07/04/24-21:58:14.578787 | SID: 2850862 | Source Port: 80 | Destination Port: 49769 | Protocol: TCP | Classtype: A Network Trojan was detected
              Timestamp: 07/04/24-21:57:14.997261 | SID: 2850862 | Source Port: 80 | Destination Port: 49706 | Protocol: TCP | Classtype: A Network Trojan was detected

              AV Detection

              Source: Modrinth.exeAvira: detected
              Source: C:\Windows\Vss\Writers\Application\RuntimeBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\Program Files (x86)\Windows Multimedia Platform\wininit.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\Users\Default\SearchApp.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\Program Files\Windows Photo Viewer\en-GB\System.exeAvira: detection malicious, Label: HEUR/AGEN.1323984
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeAvira: detection malicious, Label: VBS/Runner.VPG
              Source: 00000008.00000002.2123867809.000000001336F000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"SCRT": "{\"w\":\"^\",\"T\":\";\",\"A\":\"-\",\"O\":\"%\",\"z\":\"~\",\"J\":\"*\",\"0\":\"(\",\"i\":\"@\",\"d\":\">\",\"j\":\"$\",\"U\":\")\",\"a\":\"#\",\"p\":\"&\",\"n\":\".\",\"I\":\"|\",\"1\":\"!\",\"s\":\"_\",\"h\":\" \",\"R\":\"`\",\"y\":\"<\",\"v\":\",\"}", "PCRT": "{\"k\":\"&\",\"R\":\"_\",\"F\":\"|\",\"1\":\"@\",\"M\":\"$\",\"v\":\"!\",\"U\":\",\",\"a\":\"-\",\"0\":\" \",\"Z\":\"~\",\"V\":\")\",\"Q\":\"`\",\"T\":\">\",\"m\":\"(\",\"E\":\"^\",\"W\":\"<\",\"d\":\";\",\"X\":\"#\",\"L\":\".\",\"B\":\"*\",\"8\":\"%\"}", "TAG": "", "MUTEX": "DCR_MUTEX-7Ye3wPcjuvzlhJoVIUW4", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%AppData% - Very Fast"}, "AS": true, "ASO": false, "AD": false, "H1": "http://cz36357.tw1.ru/@=cDMmNzNiFGO", "H2": "http://cz36357.tw1.ru/@=cDMmNzNiFGO", "T": "0"}
              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exeReversingLabs: Detection: 87%
              Source: C:\Program Files (x86)\MSECache\OfficeKMS\win7\DVoCIYUveQTPKsllMirxd.exeReversingLabs: Detection: 87%
              Source: C:\Program Files (x86)\Windows Multimedia Platform\wininit.exeReversingLabs: Detection: 87%
              Source: C:\Program Files\Reference Assemblies\Microsoft\Framework\DVoCIYUveQTPKsllMirxd.exeReversingLabs: Detection: 87%
              Source: C:\Program Files\Windows Photo Viewer\en-GB\System.exeReversingLabs: Detection: 87%
              Source: C:\Users\Default\DVoCIYUveQTPKsllMirxd.exeReversingLabs: Detection: 87%
              Source: C:\Users\Default\SearchApp.exeReversingLabs: Detection: 87%
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeReversingLabs: Detection: 62%
              Source: C:\Windows\Vss\Writers\Application\RuntimeBroker.exeReversingLabs: Detection: 87%
              Source: C:\Windows\en-US\csrss.exeReversingLabs: Detection: 87%
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeReversingLabs: Detection: 87%
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeReversingLabs: Detection: 87%
              Source: C:\intosessionperfcrtSvc\RuntimeBroker.exeReversingLabs: Detection: 87%
              Source: Modrinth.exeReversingLabs: Detection: 97%
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 93.6% probability
              Source: C:\Windows\Vss\Writers\Application\RuntimeBroker.exeJoe Sandbox ML: detected
              Source: C:\Program Files (x86)\Windows Multimedia Platform\wininit.exeJoe Sandbox ML: detected
              Source: C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exeJoe Sandbox ML: detected
              Source: C:\Users\Default\SearchApp.exeJoe Sandbox ML: detected
              Source: C:\Program Files\Windows Photo Viewer\en-GB\System.exeJoe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeJoe Sandbox ML: detected
              Source: Modrinth.exeJoe Sandbox ML: detected
              Source: Modrinth.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
              Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Modrinth AppJump to behavior
              Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Modrinth App\Modrinth App.exeJump to behavior
              Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Modrinth App\Uninstall Modrinth App.lnkJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeDirectory created: C:\Program Files\Windows Photo Viewer\en-GB\System.exeJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeDirectory created: C:\Program Files\Windows Photo Viewer\en-GB\27d1bcfc3c54e0Jump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\DVoCIYUveQTPKsllMirxd.exeJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeDirectory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\510335ec8a3ea2Jump to behavior
              Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}Jump to behavior
              Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: Modrinth.exe
              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr
              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr
              Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeFile opened: c:Jump to behavior
              Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0026A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,2_2_0026A5F4
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0027B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,2_2_0027B8E0
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0028AAA8 FindFirstFileExA,2_2_0028AAA8

              Networking

              Source: TrafficSnort IDS: 2850862 ETPRO TROJAN DCRat Initial Checkin Server Response M4 92.53.96.121:80 -> 192.168.2.5:49706
              Source: TrafficSnort IDS: 2850862 ETPRO TROJAN DCRat Initial Checkin Server Response M4 92.53.96.121:80 -> 192.168.2.5:49769
              Source: Malware configuration extractorURLs: http://cz36357.tw1.ru/@=cDMmNzNiFGO
              Source: Yara matchFile source: 0.0.Modrinth.exe.49e164.4.raw.unpack, type: UNPACKEDPE
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: Modrinth App.exe.5.drString found in binary or memory: icons/128x128.pngicons/128x128@2x.pngdW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDIwMzM5QkE0M0FCOERBMzkKUldRNTJyZzZwSnN6SUdPRGdZREtUUGxMblZqeG9OVHYxRUlRTzJBc2U3MUNJaDMvZDQ1UytZZmYKhttps://launcher-files.modrinth.com/updates.jsondefault-src 'self'; connect-src https://modrinth.com https://*.modrinth.com https://mixpanel.com https://*.mixpanel.com https://*.cloudflare.com https://api.mclo.gs; font-src https://cdn-raw.modrinth.com/fonts/inter/; img-src tauri: https: data: blob: 'unsafe-inline' asset: https://asset.localhost; script-src https://*.cloudflare.com 'self'; frame-src https://*.cloudflare.com https://www.youtube.com https://www.youtube-nocookie.com https://discord.com 'self'; style-src unsafe-inline 'self'$APPDATA/caches/icons/*$APPCONFIG/caches/icons/*$CONFIG/caches/icons/*http://localhost:1420/../dist/assets/index-WeuSTy9x.css[ equals www.youtube.com (Youtube)
              Source: global trafficDNS traffic detected: DNS query: cdn-raw.modrinth.com
              Source: global trafficDNS traffic detected: DNS query: cdn.modrinth.com
              Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
              Source: Modrinth App.exe.5.drString found in binary or memory: http://.css
              Source: Modrinth App.exe.5.drString found in binary or memory: http://.jpg
              Source: Modrinth App.exe.5.drString found in binary or memory: http://auth.xboxlive.com
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
              Source: Modrinth App.exe.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
              Source: Modrinth App.exe.5.drString found in binary or memory: http://html4/loose.dtd
              Source: Modrinth App.exe.5.drString found in binary or memory: http://localhost:1420/../dist/assets/index-WeuSTy9x.css
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://ocsp.digicert.com0
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://ocsp.digicert.com0A
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://ocsp.digicert.com0C
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://ocsp.digicert.com0K
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://ocsp.digicert.com0N
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://ocsp.digicert.com0O
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://ocsp.digicert.com0X
              Source: Componentwebfont.exe, 00000008.00000002.2120796404.0000000003825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: http://wixtoolset.org
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr, Modrinth App.exe.5.drString found in binary or memory: http://www.digicert.com/CPS0
              Source: Modrinth App.exe.5.drString found in binary or memory: https://api.azul.com/metadata/v1/zulu/packages?arch=&java_version=&os=&archive_type=zip&javafx_bundl
              Source: Modrinth App.exe.5.drString found in binary or memory: https://api.mclo.gs;
              Source: Modrinth App.exe.5.drString found in binary or memory: https://api.minecraftservices.com/entitlements/license?requestId=
              Source: Modrinth App.exe.5.drString found in binary or memory: https://api.minecraftservices.com/launcher/loginXBL3.0
              Source: Modrinth App.exe.5.drString found in binary or memory: https://api.minecraftservices.com/minecraft/profile
              Source: Modrinth App.exe.5.drString found in binary or memory: https://api.modrinth.com/analytics/playtimeTried
              Source: Modrinth App.exe.5.drString found in binary or memory: https://api.modrinth.com/v2/
              Source: Modrinth App.exe.5.drString found in binary or memory: https://asset.localhost;
              Source: Modrinth App.exe.5.drString found in binary or memory: https://cdn-raw.modrinth.com/fonts/inter/;
              Source: Modrinth App.exe.5.drString found in binary or memory: https://cdn.modrle_relative_pathprofile_relative
              Source: Modrinth App.exe.5.drString found in binary or memory: https://device.auth.xboxlive.com/device/authenticate/device/authenticateProofOfPossession
              Source: Modrinth App.exe.5.drString found in binary or memory: https://device.auth.xboxlive.com/device/authenticate/device/authenticateProofOfPossession5q
              Source: Modrinth App.exe.5.drString found in binary or memory: https://discord.com
              Source: Modrinth App.exe.5.drString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-supportC:
              Source: Modrinth App.exe.5.drString found in binary or memory: https://docs.rs/tauri/1/tauri/scope/struct.IpcScope.html#method.configure_remote_access
              Source: Modrinth App.exe.5.drString found in binary or memory: https://github.com/rust-windowing/tao
              Source: Modrinth App.exe.5.drString found in binary or memory: https://github.com/tauri-apps/tauri/issues/2549#issuecomment-1250036908
              Source: Modrinth App.exe.5.drString found in binary or memory: https://github.com/tauri-apps/tauri/issues/8306)
              Source: Modrinth App.exe.5.drString found in binary or memory: https://launcher-files.modrinth.com/detect.txtcheck_internettimeout
              Source: Modrinth App.exe.5.drString found in binary or memory: https://launcher-files.modrinth.com/updates.jsondefault-src
              Source: Modrinth App.exe.5.drString found in binary or memory: https://libraries.minecraft.net/(
              Source: Modrinth App.exe.5.drString found in binary or memory: https://login.live.com/oauth20_desktop.srfscopeservice::user.auth.xboxlive.com::MBI_SSLhttps://login
              Source: Modrinth App.exe.5.drString found in binary or memory: https://meta.modrinth.com
              Source: Modrinth App.exe.5.drString found in binary or memory: https://meta.modrinth.comx
              Source: Modrinth App.exe.5.drString found in binary or memory: https://mixpanel.com
              Source: Modrinth App.exe.5.drString found in binary or memory: https://modrinth.com
              Source: Modrinth App.exe.5.drString found in binary or memory: https://piston-meta.mojang.com/mc/game/version_manifest_v2.json
              Source: Modrinth App.exe.5.drString found in binary or memory: https://resources.download.minecraft.net/
              Source: Modrinth App.exe.5.drString found in binary or memory: https://sisu.xboxlive.com/authenticate/authenticatecode_challenge_methodX-SessionId
              Source: Modrinth App.exe.5.drString found in binary or memory: https://sisu.xboxlive.com/authorize/authorizet=
              Source: Modrinth App.exe.5.drString found in binary or memory: https://sisu.xboxlive.com/authorize/authorizet=M
              Source: Modrinth App.exe.5.drString found in binary or memory: https://tauri.app/docs/api/config#tauri.allowlist)
              Source: Modrinth App.exe.5.drString found in binary or memory: https://tauri.app/docs/api/config#tauri.allowlist)PlatformOsTypeTempdirLocaleGetAppVersionGetAppName
              Source: Modrinth App.exe.5.drString found in binary or memory: https://tauri.app/v1/api/config/#securityconfig.dangerousremotedomainipcaccess
              Source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.drString found in binary or memory: https://www.digicert.com/CPS0
              Source: Modrinth App.exe.5.drString found in binary or memory: https://www.youtube-nocookie.com
              Source: Modrinth App.exe.5.drString found in binary or memory: https://www.youtube.com
              Source: Modrinth App.exe.5.drString found in binary or memory: https://xsts.auth.xboxlive.com/xsts/authorize/xsts/authorizerp://api.minecraftservices.com/
              Source: Modrinth App.exe.5.drBinary or memory string: RegisterRawInputDevicesmemstr_be399663-a

              System Summary

              Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0026718C: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,2_2_0026718C
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6ed634.msi
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{67E35770-3BE7-49CB-BE18-C8626CE846EE}
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID819.tmp
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{67E35770-3BE7-49CB-BE18-C8626CE846EE}\ProductIcon
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6ed636.msi
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeFile created: C:\Windows\en-US\csrss.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeFile created: C:\Windows\en-US\886983d96e3d3e
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeFile created: C:\Windows\Vss\Writers\Application\RuntimeBroker.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeFile created: C:\Windows\Vss\Writers\Application\9e8d7a4ca61bd9
              Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\6ed636.msi
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: String function: 0027E360 appears 52 times
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: String function: 0027ED00 appears 31 times
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: String function: 0027E28C appears 35 times
              Source: Modrinth.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
              Source: Componentwebfont.exe.2.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
              Source: Modrinth.exe, 00000000.00000002.2033378957.0000000000EBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsiexec.exe.muiX vs Modrinth.exe
              Source: Modrinth.exe, 00000000.00000002.2033378957.0000000000EBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsiexec.exeX vs Modrinth.exe
              Source: Modrinth.exe, 00000000.00000003.2020454414.0000000002AA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dll4 vs Modrinth.exe
              Source: Modrinth.exe, 00000002.00000003.2024115320.000000000540F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dll4 vs Modrinth.exe
              Source: Modrinth.exe, 00000002.00000003.2023615711.0000000005352000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dll4 vs Modrinth.exe
              Source: Modrinth.exeBinary or memory string: OriginalFilenamelibGLESv2.dll4 vs Modrinth.exe
              Source: Modrinth.exeBinary or memory string: OriginalFilenamewixca.dll\ vs Modrinth.exe
              Source: Modrinth.exeBinary or memory string: OriginalFilenameuica.dll\ vs Modrinth.exe
              Source: Modrinth.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, ehi0Ar05rwO3rBy5vDQ.csCryptographic APIs: 'TransformBlock'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, ehi0Ar05rwO3rBy5vDQ.csCryptographic APIs: 'TransformFinalBlock'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, oZCvG54wWRBjDfkFnkO.csCryptographic APIs: 'CreateDecryptor'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, ehi0Ar05rwO3rBy5vDQ.csCryptographic APIs: 'TransformBlock'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, ehi0Ar05rwO3rBy5vDQ.csCryptographic APIs: 'TransformFinalBlock'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, oZCvG54wWRBjDfkFnkO.csCryptographic APIs: 'CreateDecryptor'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, ehi0Ar05rwO3rBy5vDQ.csCryptographic APIs: 'TransformBlock'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, ehi0Ar05rwO3rBy5vDQ.csCryptographic APIs: 'TransformFinalBlock'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, oZCvG54wWRBjDfkFnkO.csCryptographic APIs: 'CreateDecryptor'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, baYrhAOQ8tHFrFkoH4H.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, baYrhAOQ8tHFrFkoH4H.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, baYrhAOQ8tHFrFkoH4H.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, baYrhAOQ8tHFrFkoH4H.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, baYrhAOQ8tHFrFkoH4H.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, baYrhAOQ8tHFrFkoH4H.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: Modrinth App.exe.5.drBinary string: \Device\Afd\Mio
              Source: Modrinth App.exe.5.drBinary string: Failed to open \Device\Afd\Mio:
              Source: classification engineClassification label: mal74.troj.evad.winEXE@20/57@8/0
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_00266EC9 GetLastError,FormatMessageW,2_2_00266EC9
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_00279E1C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,2_2_00279E1C
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Modrinth App
              Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\Public\Desktop\Modrinth App.lnk
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4372:120:WilError_03
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeMutant created: NULL
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeMutant created: \Sessions\1\BaseNamedObjects\Local\e5ff995eea97787bc058f62dffde7d9982100014
              Source: C:\Users\user\Desktop\Modrinth.exeFile created: C:\Users\user\AppData\Local\Temp\Modrinth.exe
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\intosessionperfcrtSvc\QvJVxLMgIdUXKZXo3vjvMJd9h.bat" "
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCommand line argument: sfxname2_2_0027D5D4
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCommand line argument: sfxstime2_2_0027D5D4
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCommand line argument: STARTDLG2_2_0027D5D4
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCommand line argument: xj+2_2_0027D5D4
              Source: Modrinth.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.94%
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
              Source: C:\Users\user\Desktop\Modrinth.exeFile read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\Modrinth.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: Modrinth.exeReversingLabs: Detection: 97%
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeFile read: C:\Users\user\AppData\Local\Temp\Modrinth.exe
              Source: unknownProcess created: C:\Users\user\Desktop\Modrinth.exe "C:\Users\user\Desktop\Modrinth.exe"
              Source: C:\Users\user\Desktop\Modrinth.exeProcess created: C:\Users\user\AppData\Local\Temp\Modrinth.exe "C:\Users\user\AppData\Local\Temp\Modrinth.exe"
              Source: C:\Users\user\Desktop\Modrinth.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Modrinth App_0.7.1_x64_en-US.msi"
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\intosessionperfcrtSvc\x6qhfc.vbe"
              Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\intosessionperfcrtSvc\QvJVxLMgIdUXKZXo3vjvMJd9h.bat" "
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\intosessionperfcrtSvc\Componentwebfont.exe "C:\intosessionperfcrtSvc\Componentwebfont.exe"
              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E9350FF13617C2EDECFDC599F293255F C
              Source: unknownProcess created: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
              Source: unknownProcess created: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeProcess created: unknown unknown
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: unknown unknown
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: version.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: wldp.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: profapi.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: amsi.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: userenv.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: propsys.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: edputil.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: netutils.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: slc.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: sppc.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: version.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: wldp.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: profapi.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: mscoree.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: kernel.appcore.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: version.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: uxtheme.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: windows.storage.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: wldp.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: profapi.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: cryptsp.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: rsaenh.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: cryptbase.dll
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeSection loaded: sspicli.dll
              Source: C:\Users\user\Desktop\Modrinth.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
              Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Next
              Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Next
              Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Install
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Modrinth App
              Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Modrinth App\Modrinth App.exe
              Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Modrinth App\Uninstall Modrinth App.lnk
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Directory created: C:\Program Files\Windows Photo Viewer\en-GB\System.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Directory created: C:\Program Files\Windows Photo Viewer\en-GB\27d1bcfc3c54e0
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\DVoCIYUveQTPKsllMirxd.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\510335ec8a3ea2
              Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
              Source: Modrinth.exe Static file information: File size 7141376 > 1048576
              Source: Modrinth.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x6cd600
              Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: Modrinth.exe
              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\uica.pdb source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr
              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: Modrinth.exe, Modrinth App_0.7.1_x64_en-US.msi.0.dr

              Data Obfuscation

              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, oZCvG54wWRBjDfkFnkO.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, oZCvG54wWRBjDfkFnkO.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, oZCvG54wWRBjDfkFnkO.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, F0eFFnmKkJZhn55Zvys.cs .Net Code: Cb9OuxZ2ZO System.AppDomain.Load(byte[])
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, F0eFFnmKkJZhn55Zvys.cs .Net Code: Cb9OuxZ2ZO System.Reflection.Assembly.Load(byte[])
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, F0eFFnmKkJZhn55Zvys.cs .Net Code: Cb9OuxZ2ZO
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, F0eFFnmKkJZhn55Zvys.cs .Net Code: Cb9OuxZ2ZO System.AppDomain.Load(byte[])
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, F0eFFnmKkJZhn55Zvys.cs .Net Code: Cb9OuxZ2ZO System.Reflection.Assembly.Load(byte[])
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, F0eFFnmKkJZhn55Zvys.cs .Net Code: Cb9OuxZ2ZO
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, F0eFFnmKkJZhn55Zvys.cs .Net Code: Cb9OuxZ2ZO System.AppDomain.Load(byte[])
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, F0eFFnmKkJZhn55Zvys.cs .Net Code: Cb9OuxZ2ZO System.Reflection.Assembly.Load(byte[])
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, F0eFFnmKkJZhn55Zvys.cs .Net Code: Cb9OuxZ2ZO
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exe File created: C:\intosessionperfcrtSvc\__tmp_rar_sfx_access_check_7252718
              Source: Modrinth.exe Static PE information: real checksum: 0x2d4fd should be: 0x6dcc9f
              Source: Modrinth.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x1a2464
              Source: Componentwebfont.exe.2.dr Static PE information: real checksum: 0x0 should be: 0x12d013
              Source: Modrinth.exe.0.dr Static PE information: section name: .didat
              Source: Modrinth App.exe.5.dr Static PE information: section name: _RDATA
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exe Code function: 2_2_0027E28C push eax; ret 2_2_0027E2AA
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exe Code function: 2_2_0027ED46 push ecx; ret 2_2_0027ED59
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Code function: 8_2_00007FF848A700BD pushad ; iretd 8_2_00007FF848A700C1
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Code function: 39_2_00007FF848A800BD pushad ; iretd 39_2_00007FF848A800C1
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Code function: 40_2_00007FF848AA00BD pushad ; iretd 40_2_00007FF848AA00C1
              Source: Componentwebfont.exe.2.dr Static PE information: section name: .text entropy: 6.959160573713047
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, jPaTnia40GWt9Coe6yO.csHigh entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'qiRZHj1J4NC7beQbQXK', 'NgaAbB1jRKel81QpJWU', 'T6ey7G1fXFGx6sK2gk0', 'h71wg212LsMLZtgUVit', 'KBsDg81ebU3E7lQLn0v', 'VwtuWo1zvXQUQqUYKmf'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, pbABwJy3EdEOotFyFtR.csHigh entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, IOnjNpyi3WP4VFBLKh7.csHigh entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, Xa39auae6dMXshb8a5I.csHigh entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'j989Rlc7wue7C4kxZP3', 'MrVhfLchwVuVGlbK3mq', 'Qx15hNcitWqMiMYYMC6', 'rWEiKocxLBfd4PWrD3L', 'W80QoWcv4BUhYpx5AOR', 'V7paBccTwYZ2Dt58cOu'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, oouYjcOoPmjrIkWamvv.csHigh entropy of concatenated method names: 'c6YK7Kf2Gg', 'SOMKx0X9Ly', 'SXLe8bqELooqIGhwlyl', 'Hguw4rq4RUUGpVCrGEk', 'GXNnlTqAy9GqD0oJWDj', 'LNeSbTqMpUQnLRW53pk', 's6vqe0qUEhrpgj0aX2s', 'xKf4Rkq0FptPTlScKfK'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, JBFZpRnYyR185c99D9.csHigh entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'Sxn8yMZD2', 'uDXe1OB4PeEwZVybgTR', 'HkocfjBUShjtZygTKvA', 'laSPGlB0OhMiZYIYp4M', 'v7ouDOBrASg4eN5Tspd', 'LI4gInBqYFcgGZQWcW1'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, tDUgcN4cgsla2FKvWQI.csHigh entropy of concatenated method names: 'ziPnogSufS', 'YkgncXSsLT', 'pJNnIOplt5', 'cspnhe0fAX', 'b8jnddn1a6', 'uaenMagvy0', 'SN6nva4vWE', 'x0gnU37YjL', 'NESnnObaxL', 'VnWn7NCBeH'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, ehi0Ar05rwO3rBy5vDQ.csHigh entropy of concatenated method names: 'NnYcrQZwNB', 'rD8cSIqcmm', 'UIlcfceKps', 'gxQcBUYWv1', 'n54cRmT1BQ', 'rkFcgTjThU', '_838', 'vVb', 'g24', '_9oL'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, rhM4tbyHGGaiSwWCOii.csHigh entropy of concatenated method names: 'sLyG2v2GjU', 'qhAoA0hEMdjELBiBxbJ', 'ocRb5xh4kvrV7eGyGV2', 'eGvPqqhAVS4fWLdoW6l', 'PQlwgrhM6ONhtoQPoIS', 'w6fXUaf8SK', 'GHAXnDBgDs', 't1UX7D1p5S', 'YykXx5KOQn', 'T97XklAAx5'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, pK4i05auqbqWopsKsKe.csHigh entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'yXMa7tSK73PIWQTFjaa', 'eKydheSNL2Vryrp8Y3b', 'N5Hw6YSncC2leDxBC3T', 'hioR8GSufvAhlwBQFk8', 'e2E9DFSHAPMLmvnqRZg', 'zbIWLDS3QDaxRawpl2y'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, RQkNuuH7giMLOmlQjLZ.csHigh entropy of concatenated method names: 'oTAos8IXNY', 'sUNoAqLXkj', 'tfqo1yVqmB', 'cBHoPV4Ya5', 'NBtoCcKSvC', 'lLFoipSwjI', 'h435C2Zp7ldb00nwovG', 'QK1GMjZFEREncwFKIlT', 'P79URJZde3G7PNfjPnd', 'HHDU0oZGvAeX232QQ1E'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, fUGbdqtY2ANHoqXkSw.csHigh entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'iHRT2hyMPNtIlRtBXJu', 'leGoNgyEUQZH2sUYRDD', 'JPo0A8y4xcXBbcqsmPy', 'mn19d1yU6jNn2rCUowj', 'yCeHa4y0EMI0gOSeoDc', 'ct4LJnyrh7FKUVKT2BG'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, y0lMUJyhu6CbIcl54jf.csHigh entropy of concatenated method names: 'AwGwxihbh3', 'uuFwksYJEj', 'R4SwJF1yE8', 'mS3wW4trZH', 'RWtwY77dlh', 'JKI0Kix4GfJlFBdtFtV', 'yWU9hnxMUjeNs2t77dR', 'a4pKEHxEPMbm0bdUJNv', 'QECyJ7xUfw5TpSb8w0f', 'TBJYgEx0Ky5ErpBRgOn'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, AAlQZwiJL5Xr5eGvBm.csHigh entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'oYjvQttIPcTGSksMQXP', 'eRnb4OtJwwTItDbVxt9', 'WOqjnotj19SGc3Nncbd', 'HK5sT0tfE4HDbyITp84', 'Vdisfmt2jxT8PVUTo8p', 'YB7HEQteEnAmC5RTf2f'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, e2g5aG0crcxKeJBRoyR.csHigh entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, X2icxDaO12aiUd80oHk.csHigh entropy of concatenated method names: 'R1x', 'YZ8', '_8U7', 'G9C', 'g19bRf1OghoyYMl3X4u', 'E7If4P1s5jpLRphRyLW', 'sMRaUp1a3viAxylWWqj', 'UC9C3516Ecu1eRm1knu', 'J8Agea1CM26Sy5umLeD', 'SeEaUk1Qa4gw3Ssd7LB'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, yerTdRy2onVId7aJ1TB.csHigh entropy of concatenated method names: 'Jf3EyBHhZ8', 'bUqEHjjnLH', 'zT3E0GCpqG', 'HcCSKUiAGIqNf63wOKD', 'u2xGW6iMUsWMDVJcemg', 'DW37SrikmEKno1X3ibR', 'CCaUNDiXkjk9gqZlpb5', 'eTjEj0iEx1GhTB0b2Ox', 'pueZHwi4Ysifju4XUbq', 'i33LCiiU3BIEJF8h3a1'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, jvGrunOatM8gGptbr4c.csHigh entropy of concatenated method names: 'R3j4vfIKmq', 'nCE4UtyXAs', 'HMd4nWbTxb', 'FPx47epZ0M', 'tGqroEEzHXCOZD1xYfj', 'CZIedaE2oEpXtC2tuY1', 'UG5o6sEelNpYrdQ8JFF', 'NeKsPr4RcA7lIOFbV9p', 'Eq5gEr4VbK3nCyjGgrx', 'wGhBMZ4BUoLfiMdhaR8'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, MNuq87gYHUa13y8H92.csHigh entropy of concatenated method names: '_8Ok', 'YZ8', 'InF', 'G9C', 'NsFhvgtkaB3brEOQFho', 'aP8GcMtXp1eu6UWHknn', 'Hdt0g3tAoMFLaWwM1Fe', 'kQO2jhtMiCEMsS5Ibgt', 'vScu6atEFEHTbgboLUu', 'msDh3dt4HGJNTg8surA'
              Source: 0.3.Modrinth.exe.2aa974c.0.raw.unpack, z3DOHTyA3lEDNf5oxRY.csHigh entropy of concatenated method names: 'pwKuiLyPlf', 'RtFukTjeBp', 'CfyuJiXGq3', 'orAuWva9E9', 'p7vuYXwNFQ', 'kKDuDEK5ZT', 'd2eu8rcYG5', 'JHEuL3sWFf', 'Kq4uqVaRD0', 'e6aul2fgS1'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, jPaTnia40GWt9Coe6yO.cs: High entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'qiRZHj1J4NC7beQbQXK', 'NgaAbB1jRKel81QpJWU', 'T6ey7G1fXFGx6sK2gk0', 'h71wg212LsMLZtgUVit', 'KBsDg81ebU3E7lQLn0v', 'VwtuWo1zvXQUQqUYKmf'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, BrJmY0aS531i1G0qfyk.csHigh entropy of concatenated method names: 'NWWm3FRQqd', 'frBmG9X1di', 'qRf3EcgP3TnDROfqf4l', 'w9fXplgYc0tt5YnSTym', 'CV7YlqggfTegsd1ybdN', 'xNDdyrg5xKOO04V3jm3', 'qAZWcWgbk612FwleRsP', 'aZeJQfgWUqtpa1CqqbH', 'OO6VFxgkJtugH6cqca3', 'W1BcHVgX0YZlPECBvoG'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, yaoNBCa9ypqycarcC13.csHigh entropy of concatenated method names: '_981', 'YZ8', 'd52', 'G9C', 'qeRhjeSouDRj7d344vv', 'PCxu8OSIs2QAZk61yXR', 'Y3uIUxSJnEvMnRpVedJ', 'HvR1r8SjsK57hN8S4Zd', 'QYHkJMSff1BBMMC1w53', 'sQaXmsS2s0GaQncqLvP'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, FDvseqmkwBUjoNZgqp1.csHigh entropy of concatenated method names: 'WxDHvvseqw', 'St8IM7A23JCRe0rsrLi', 'c26PTNAewe14xnKVkdn', 'FVpwHyAjUVQoeZkQUVi', 'SD9gYXAfFkPfhZxaqCZ', 'qUj2PEAzUxxpyHZMyNR', 'Dgls7IMRjUahQNCm8cm', 'fXvxFvMVBSqEwgtp0ou', 'wgFTtaMB2FBe470YNah', 'jjBGAiM9fKGxJdPirpf'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, YhPX2JAttI8RINZnZ6.csHigh entropy of concatenated method names: 'pHw', 'YZ8', 'v2R', 'G9C', 'jNSUqItvKNC8AyXuLYr', 'Ps6lrmtT0G1kKwkLeTG', 'fc2CVjtO3Ly9VOg5bWH', 'CcOhmXtsr38aG1I9v3o', 'LN8umPtaOo3Hu5PTj6e', 'WIZu7Yt65lmQsU9DKm5'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, EnWxliak2oQYuupnive.csHigh entropy of concatenated method names: 'RINaAZnZ6J', 'j0OoPVY7sWCt0Op67E3', 'YtpMQgYhlVBVmfna1F9', 'tIWo9uYqjdwQPFxjeR4', 'NU1l4lY8WJolHJLlksK', 'eCYPjwYiOTj8yfSTw0U', 'QLw', 'YZ8', 'cC5', 'G9C'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, C67BguOzdiiqsGeSaeQ.csHigh entropy of concatenated method names: 'VlYXdOnjNp', 'jWPXM4VFBL', 'ih7Xv5phaG', 'LLe4i27nDEKRwIkeKYi', 'Eh6GLF7uq0APNlbQKtq', 'heuedR7KPidt6DB950u', 'CLEk1D7Na0MhS16cyFW', 'JdJWu67HnoFJVyiIkrA', 'LhIi0D73o3mCKyrrIja', 'nwpMhx7FANl9r1I4uG1'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, M4vNYNy66wGjtdSM6po.csHigh entropy of concatenated method names: '_7zt', 'SHMEQaZ6pc', 'YVnEbHRquP', 'FRVEjUQ7wb', 'GwXEeTEhyi', 'at3EVXhLJx', 'N12ETsQf8q', 'g4El5ViqUHHNfTKu9rC', 'BYvnqSi8R30Wqc5KgIE', 'yxnbPKi0JpbTm2Ej1BW'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, JfrKuFHsZNtOqvNM0Co.csHigh entropy of concatenated method names: '_14Y', 'b41', 'D7Y', 'xMq', 'i39', '_77u', '_4PG', '_5u8', 'h12', '_2KT'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, GHVcie0MmULaONBty73.csHigh entropy of concatenated method names: 'drPhK2oeh9', 'f0whXa7HO7', 'HXqh3kWLDS', '_3Gf', '_4XH', '_3mv', '_684', '_555', 'Z9E', 'OSJhGkR4o6'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, ew63JKY1CiMnZfNPEn.csHigh entropy of concatenated method names: '_59M', 'YZ8', '_1zA', 'G9C', 'rUyiKw9LHX04khhKqLV', 't24dAX9ZEP9tm0F4d3h', 'kADClD9D1Oex0EYsvTw', 'mAZ8aY9KvR1Ij9Uyrms', 'EGhhC69Nx0CVGNl0HJl', 'dVNrSO9n2dnKyWRtC7O'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, NF7WLlStdWsFXqpjDt.csHigh entropy of concatenated method names: 'P37', 'YZ8', 'b2I', 'G9C', 'xKtxSryHNnDiGIhx6tH', 'MvTmDHy3cutBvobUIP9', 'wljgs4yFOYPj2LwL5Sf', 'BD8MRcyd5alIKkcqqUa', 'VAkYVjyp2vSbdbDj9Yq', 'CiSn4FyGxVhYsZxScB3'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, vgYy0ZHhWOfM3iUXUdx.csHigh entropy of concatenated method names: 'PYjoDHxRFg', 'XTUo8qvjdn', 'UdfoL3gj3B', 'gywoqbXJ6s', 'mlEoleZbc5', 'bJFh0lZv5pBvbGX5dBq', 'tkeYDZZiwHQD5vWauGc', 'gpQl8aZxGMg1WZH1CrH', 'FWtZ9OZTMged2nsXsto', 'oPccTxZOCNULG9FME52'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, kX3SxSaNFlKodglsQL1.csHigh entropy of concatenated method names: 'yiQ', 'YZ8', '_5li', 'G9C', 'lI1tdScRjyknXlbLW1m', 'oKsRDocV5LNgul2X0KA', 'lt1jnScBKsRC8Nfg6It', 'TvNWblc9c5yIcGH94rV', 'XqsZy3cyN3AyZ6txeNP', 'adbgGXctwlbdO9Ugupx'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, baYrhAOQ8tHFrFkoH4H.csHigh entropy of concatenated method names: 'CiNKFiO8FK', 'xZgK96DO1c', 'RjQK2LE0w8', 'tND0DBrHltVjjKYKdCe', 'ghgLrtrnJeB0f4sS6vO', 'c38qq6ruL1fuCgusPdT', 'nwZayGr3TddHFk1Rnly', 'xIeK0rTdRo', 'DVIK4d7aJ1', 'wBKKpo6cLL'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, v9DMJtmYa3lXTywSQqC.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'NJBHkb5VoW', 'drcHJYV9DM', 'HtaHW3lXTy', 'mSQHYqCqgS', 'KRxHDZyyf3', 'MxPLq0MmpeysG6LXpof', 'AZG42qMYQKISnC3KbJY', 'tlxPZpMS1lUXJDePvYc'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, vyhBvyaHPjk7CA5wG1Q.csHigh entropy of concatenated method names: 'K55', 'YZ8', '_9yX', 'G9C', 'nkeGRa1FO2XxXJRT2Q9', 'O22XSK1dNfOPEdicV67', 'SL2iNv1pQHWQUMDiFEg', 'PAnwcD1GC700Srkitny', 'cCxnGf1wx6gwO2k72MR', 'Em9lK81lfAdY7g0cfBJ'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, MaCyE6a38kLsjZ1UZds.csHigh entropy of concatenated method names: '_6U6', 'YZ8', '_694', 'G9C', 'gpl5PGS4dhtmSp0Cm5b', 'wTmR06SUtjrqKSoMyU4', 'KrrfRDS0Z02ssLHWZIc', 'e4jg4TSr1pkU8WEB6gY', 'bVNHQmSqM5RtbfD0Qdm', 'I9W67xS85TW8U01JdUM'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, RLQ2DGOP2FD3T9fiYdo.csHigh entropy of concatenated method names: 'MqcSHp7Z6bECoP6UoQc', 'rdCRrw7D0uNR34MqcI5', 'LKNnUi7Q5Hugbl3p1Sw', 'g9MZ687L9O381PG3QRF', 'IWF', 'j72', 'ksfX20TaR6', 'MIUXNy3OiI', 'j4z', 'mxqX6hmpQ3'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, PEqsn9aKWioLWYZHsBj.csHigh entropy of concatenated method names: '_3fO', 'YZ8', '_48A', 'G9C', 'KAiZYlSSSQVyWP9wB9L', 'fug0c5Scc1o9dfaZSxp', 'NMhLOrSmIhklHwPyita', 'c08IRaSYLYFY6PDZrkg', 'zni4WlSg1brAxnW98nE', 'CMG9BBSPCluv41QqZ0N'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, mL9cTBaZSquppO1akcG.csHigh entropy of concatenated method names: 'ud6mVhQxSE', 'MsnmT9WioL', 'HYZmoHsBjj', 'V3GtiXPgo565QutZbjY', 'FlODb3PmEImQ9h71pXw', 'lXq8ESPYCpN8PgHRmTk', 'b2YeoxPPljIKyPoVH6H', 'RZ8GYpP5SoybBmSb4uD', 'cI9FToPbgQe82OnSrS1', 'xcGbbnPWoP4U0Rlg3jT'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, wyCUFMaQHEmu8qswV5Q.csHigh entropy of concatenated method names: 'fnTavNVQCc', 'ai8vX6cMoAFYPJSBkr4', 'f9dnmbcEdKqrpiBMSTf', 'wL9QO1cXO8CKEjomobY', 'vkQ6nPcAj95qbZy6EkL', 'Cuywsmc40caFf0qYhVO', 'C3qqNucU31X92GAIdCL', 'UpLw2mc0949FQJXuAoO', 'FZpAsFcr4D7frrBFvUq', 'f28'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, KaS3y4aYEAMPTdqr0TA.csHigh entropy of concatenated method names: 'itEainiSbu', 'Ap3rI1YZu2xrGVane0q', 'KvtmEZYDpJxp4gTDYfA', 'X2r83mYQhdGvsG6osKd', 'g0ln4oYL98PI3iNe1FK', 'yrwi9kYKvRFdM3Yndpn', '_3Xh', 'YZ8', '_123', 'G9C'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, SRkpZtaaM4SieWmC3h4.csHigh entropy of concatenated method names: 'tO4', 'YZ8', '_4kf', 'G9C', 'd4rI6m14iaNIksLMZ65', 'YV0Gw31UPLZvFqxbgB4', 'XOZdXm102gXeOrgySWB', 'kWHnXp1rCicHwhBQ4TA', 'Je4lSd1qJXGgF8uXa4u', 'UgPKmY18ieIlvpEFF7U'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, L8EfPg0haMlLQNup7b9.csHigh entropy of concatenated method names: 'D4M', '_4DP', 'HU2', '_4Ke', '_5C9', '_7b1', 'lV5', 'H7p', 'V5L', '_736'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, bX9w0bBJDIlXEvLJx8.csHigh entropy of concatenated method names: 'kcq', 'YZ8', '_4bQ', 'G9C', 'IA2Jjbt1xLDSIbX0bCN', 'M3j6HAtSXUmVpTXTXGm', 'bPGxSxtc8Y6DdOPU5j3', 'ESeTQUtmEr3bUVbSHpB', 'tbDR0ytYp0aMnqJjjDV', 'z0Z1ohtgPJw6EgHfioj'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, Hg3fDXOgZ4C6FtCmS9i.csHigh entropy of concatenated method names: '_3VT', 'O5t', '_1W5', 'LAIX39whE8', 'JyQiT5gvR2', 'zi9XGSY4pR', 'rRBi4Zstgp', 'QJQxYM8DV41vwOmoquS', 'lEQb538KyanmJqKm2k0', 'QZe26Q8LAouw6coabIs'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, OsXtcKyRbxwwJZHGsf0.csHigh entropy of concatenated method names: 'P29', '_3xW', 'bOP', 'Th1', '_36d', 'fV6uFecuOf', 'buFu9Qw4UZ', 'r8j', 'LS1', '_55S'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, rO2Y6bacTwUsbIPi24J.csHigh entropy of concatenated method names: 'p23', 'YZ8', 'Gog', 'G9C', 'ufp5QrcddsE1UIlZtpc', 'WM5fWecpel11vG8QaUq', 'sDB3hbcGK9AonxIR5Bq', 'y7UeCUcw7H7vMV1oAEv', 'JH3Oc8clsIR2gWxM6Uo', 'jgiccfcoQea6IBhJLdQ'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, TaKxNgOXDfBWl81LOax.csHigh entropy of concatenated method names: 'pTRpxmnNIK', 'FxYpk5gPKf', 'lYDpJ10n2b', 'AYRfVA0W8ammCPn7GKT', 'Uc21rq05iV9GCGf9EVK', 'oAC6rt0bK0bEshlmwE9', 'U6jTxu0kPSjlVRnJHPD', 'GR4pFtt7pw', 's3Pp9NacnT', 'tMjp2j4gE1'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, kLA8y1mVcMRImFWnmng.csHigh entropy of concatenated method names: 'm6LyjpWKUF', 'NuayeNEDQh', 'XhbyV21ITj', 'rd5yThaVXZ', 'okpyoJpS4x', 'NWo5iFXR82g46VsHukt', 'A3Y7eDXVs8oByOl34wx', 'wDwv9kkeP1d3FT0D9A2', 'LNGIy4kz6ZQy3L7tjv7', 'nKrboJXBulg9rKCMlAV'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, nqCPI9dVxN5OIosCd7.csHigh entropy of concatenated method names: 'T43', 'YZ8', '_56i', 'G9C', 'QNN94RBg1PEgosgpIkJ', 'rYjVTABPOh2MQdgcAWr', 'wWwWVKB5su0siEkdcsY', 'aTXOJGBbVM7d9H1Lm7n', 'DwbSPOBWxypuy4CERHR', 'G04Bv7BkTEjf8hFAM5S'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, Vya3o7mMxMRGofdtKUY.csHigh entropy of concatenated method names: 'A5RyiQ7rTL', 'WeNyZWqc9K', 'ngvyzlhDeY', 'kB4H5JLGRZ', 'KGLHaipbiy', 'z9qHmn2rKx', 'lNBHOu44NY', 'r30HyagcWw', 'pGqHH3GLA8', 'BEdd61XJt37t5RZs2yC'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, KgoQdKyKgVx0akKguJg.csHigh entropy of concatenated method names: 'uxk', 'q7W', '_327', '_958', '_4Oz', 'r6z', 'r7o', 'Z83', 'L5N', 'VTw'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, PxCKSfOySaLxpLpoytV.csHigh entropy of concatenated method names: 'sCe4q1MEHm', 'MPC4lnxNvV', 'OLi4tglObG', 'wxy4rs8D24', 'H0I4S0u7Qa', 'nL14f9ZbNP', 'UDuKPU4Tia8JTDsuTHH', 'i7oyp24xERpin35sxo1', 'VEPWFG4vIfDmILBS7ny', 'ih069p4OwcASXCGAPH0'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, DEFqEoHO3EXg98RHjG8.csHigh entropy of concatenated method names: 'jscVM76qjJq7a2ft9kP', 'rL9fPj68DHa8B5Z9P8E', 'pbEiDF60BQf0JcmuwnX', 'nPdaM76rNFTAbGHGZNi', 'sDbbol6Eun', 'ChN8en6i6L4IbHCDtfd', 'VtYmM96x2BNWZLqARdl', 'eXdW8167CHoVO0mQ6uo', 'GP76aa6hM3T473ARWBD', 'rvCWsi6vFQxU6LSq5Vy'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, utPAkW0xy6H38Tx3NjC.csHigh entropy of concatenated method names: 'gvyYVhHy8yGKv5oUMfl', 'HxiZVgHtwQ5Na7kYrTP', 'VjxV44HBjEUcpNBUAjG', 'NrsX4cH9lLknBnvEJWj', 'lwEhkxsDJ0', 'WM4', '_499', 'c4ZhJgrCT1', 'XK5hWs4haF', 'ViYhYDkEM0'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, dIpulgaU5g1UcsrHg2Q.csHigh entropy of concatenated method names: 't0LarVcZPr', 'Imo2AeYBBg2Hl1kMJuH', 'KweZO9Y9MHIAmLsTFCL', 'redkf7YRn7dv5i4TBWe', 'IhiVGDYVp6DgiIBqwVZ', 'pFegUrYyfCNbGxFweib', 'krpbxdYtGHGbPZ9Wrsf', 'Lxmn7LY1RWLjQDCsieO', 'K7YafHUa13', 'MYoIrJYmYsOlsQXJq5g'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, glfv8ZHUu9FCFGLp7rB.csHigh entropy of concatenated method names: 'TeaofdA7X7', 'AdGoBw3Jhu', 'iQLoRcY5Ne', 'mog8k5ZNmbts9UpBcbb', 'nvBcxiZDpkW9HF7eu5R', 'HrNn2XZKb508H8Xi86t', 'vUTon9ZnslskPYjxLJN', 'Yt9xJKZuEMfRrp5mMmw', 'osfs6mZHFI6088JeJhF', 'GF13QdZ3whJ4TghhTWm'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, orwOpDaPaoTgDmQFEy5.csHigh entropy of concatenated method names: 'rJpmQD3PaT', 'R3FdJaP12mLQ68x4qyh', 'sObiwQPSTVTMZa35lXJ', 'VYTLeKPyXQedNTEcPr5', 'Luh5oRPt0XpKs240TkF', 'QSDr61PcynprHKTwwax', '_5q7', 'YZ8', '_6kf', 'G9C'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, YhLwvym6LwQWlEBpj5Y.csHigh entropy of concatenated method names: 'aDyOzKw7Ba', 'JMjy5OnUe9', 'Mkyyajn78g', 'rXyymkvuQV', 'OUVyOoCm9r', 'mOpyyDaoTg', 'JmQyHFEy5K', 'buVy0ZhsC3', 'soIy43LLco', 'dk2ypAnT8f'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, fFxHrbatjrKUNEfYCKY.csHigh entropy of concatenated method names: '_2WU', 'YZ8', '_743', 'G9C', 'Nflfxtg15lvox6r89tq', 'pKBhIFgSJBRea5bsUpN', 'zgP4kogcxecZ4TyiVVB', 'MhFYLjgmBZfXYDkn3KV', 'foakW2gyFrwDwyWuZqE', 'HcnaEggtw4tQkesxXX6'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, NBqX6CJFHtfbQMZZ8o.csHigh entropy of concatenated method names: '_3OK', 'YZ8', '_321', 'G9C', 'DX27qkB2dMIAcD1AZxy', 'YujAKABeVIUfsTJapBe', 'qwf4geBzTCt1UCJBQtr', 'GGta0w9Rfc6tkVjYhN4', 'YndEQA9VvMZa0l3kTxr', 'bwgap19B5N6IC18OgLN'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, eOSJpoOugwvd9aGR6iX.csHigh entropy of concatenated method names: 'm74plXt0gi', 'xUxptxcDoP', 'UXnprqq1Gb', 'KgopSQdKgV', 'VEyX0i0CA3b3YO8FvBY', 'tZ3d760Qp8ybkys0QyJ', 'FYLmUo0L7TXCCk4sQPH', 'EYpyt30apGaaeEIhDDd', 'RvcOIu06anRGTqwNcd4', 'JlNWnl0ZBQH458SR9Wh'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, YALnWc43BrrHpS0V6ec.csHigh entropy of concatenated method names: 'b2dVhUGGMv64J', 'WaiudAFkuOAiG56wefZ', 'm7rqqXFX9jbmrbHmaOg', 'OsdAvcFAXHqCY52f8gn', 'RIEq0KFMFG7TcXY3XGK', 'Cp3sXWFEhaq5HyBV7FZ', 'HRPLI6FboN9Un9xInEr', 'LcNgqhFW3V8Z31eC5Um', 'qYIphbF4hbtgilv179Z', 'oIsIg9FUWbidxAviGFV'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, UU6wmkHZx02O6yEbYXQ.csHigh entropy of concatenated method names: 'b4FcdEtf29', 'pyJcM2mAQ6', 'F8e', 'bLw', 'U96', '_71a', 'O52', 'njNcvbRgxw', '_5f9', 'A6Y'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, WtocynOE4HM1UXIeqYv.csHigh entropy of concatenated method names: '_223', 'FuSWGZ0MDgsCPuE6NwF', 'NjxZ3C0ED9GoxAjLVew', 'rKBrgR049RpIt0Q3p8W', 'G8smNl0Uk2Kh9wcISBD', 'oWvKHb009IqvWCDSkFB', 'fA5gBd0rP1E2oyvC0TC', 'nwUGTC0qG1IITmJnXLi', 'pM1f3Y08BOfcDiB2KHp', 'n8W7c807tUYv8q0NcYV'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, yWXVOLaEihJpxi07oeZ.csHigh entropy of concatenated method names: 'd43', 'YZ8', 'g67', 'G9C', 'V7rYeqSxKJHohg3NSay', 'pUWmtNSvweZLHMoUo4B', 'bZRxPFSTYaVtW2NievR', 'beeufZSO3wPdYZMftJf', 'p8QDSsSsYKCjxTHRdy6', 'O2byxlSascFZksOACPL'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, TWb4LZOBL50f61GxnNM.csHigh entropy of concatenated method names: '_9YY', '_57I', 'w51', 'FWiise77cI', '_168', 'XrOcEB8hWPN3P1UBWwn', 'DaOStH8iWDJ4m7mFmvT', 'VXZHOy8xPfw4SHf7D6J', 'kAX5Sn8vbxOwdj7I7MX', 'LDvZMb8TNSyYuBRVhdt'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, LbrI1XyoMBocJMtW8Bv.csHigh entropy of concatenated method names: '_45b', 'ne2', '_115', '_3vY', 'utPw5AkWy6', '_3il', 'e38waTx3Nj', 'WjWwm4NAml', '_78N', 'z3K'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, witIrrOeJfEY3X4fvZx.csHigh entropy of concatenated method names: '_525', 'L97', '_3t2', 'UL2', '_6V2', '_968', 'BSkepvqbK3GSj2nPrmt', 'fU8ZcdqWF4bDfHFHlYC', 'G5ZgZLqkku0r4hJLKOh', 'PXMmX9qXsV3NtNh5EfB'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, RfdbvSaLoIy1dNcbb2r.csHigh entropy of concatenated method names: 'HL5maXr5eG', 'CBmmms4eDF', 'gZ7mOuZXBc', 'ao72W0YlvBFMhFu058h', 'g9uaL0Yop3KqqRROnyu', 'lc5i6rYGLtmW8ZS9ygB', 'Gb1EpVYw1XY0EqaZTa5', 'I4q6fmYID85aY6jO7wN', 'jMcx8nYJwbbeIiPqBgm', 'kkBSsqYjtgyR2CbbEw4'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, nKcZg6yjDO1cBjQLE0w.csHigh entropy of concatenated method names: 'AuCExGiaIN', 'gBNEk6LIkD', 'z1EEJlnGsW', 'Sq8EWULCIX', 'EVdEYFBOh5', 'NRgSk4iQa8ShiTlDlyK', 'nPTwgeiLiwjNf3XBMYh', 'JTLAIii6PVyuhfy3nBA', 'BjZMWdiCC63sCJqAo8J', 'FQGfmWiZPYR41ByLIij'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, YxqOp7HKUf5bZiEKh3m.csHigh entropy of concatenated method names: 'LF9obERRb9', 'MDxojQ5177', 'hPPtqMLIBQqA4XjUBFU', 'zXHWliLJaik9PvWYo3p', 'k6Vk2hLj8I617oPooFl', 'A0I0ORLfe0SS8949wJS', 'kyyoI6L26k5p6xPyBVM', 'SCRY63LeUKIAq36JUbo', 'sRKIOPLzAYWj03jLPAJ', 't9BAnEZRAAxe95vKYWu'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, KPDfjZHDMSnPD80LDYG.csHigh entropy of concatenated method names: 'p9aNNrDtaTqCw6Emk1j', 'F4NuXyD1l2HDeRgKQc3', 'i1JhVcD9Xq02fZw6Lxk', 'OGVpMiDy8cA8UQSaG9b', 'hlhYMNDS60qjTM3pbfV', 'VOv7OXDc8qSnZxCqZCD', 'svZlKIDmPmkolxXPihd'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, gmfFAC0n9eeVHmNq55q.csHigh entropy of concatenated method names: '_159', 'rI9', '_2Cj', 'eyQhcgqUlt', 'ynhhIUohH2', 'ANohhjmeho', 'fNbhdNkLhf', 'FWthMHB0hp', 'ovZhvfn9hM', 'YMsVP7uZDPd5q5ge15u'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, NrBQqL0muUynIESFV4h.csHigh entropy of concatenated method names: 'kIBIpa6MVZ', 'UxaIKobBS5', '_8r1', 'ETlIXMo886', 'YsFI376bse', 'YcrIGJaCfF', 'NNwIERdUBF', 'xE4Wd3NXsFPavFUuxDO', 'SwXVTgNA1CmuMGo64XR', 'NATAFpNMDHHPOQqcWuL'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, zNlUbFyECpnsDpnJtoP.csHigh entropy of concatenated method names: 'cCGGJSfRGU', 'A05GW6fdte', 'bAUGY6wmkx', 'f2OGD6yEbY', 'jQtG8FmnOk', 'SV0cSsheJ0yBxP3Z2fk', 'Y3qakrhz6V3Gtxx5LRy', 'y5tf5Ihfjer2oFZW3cl', 'ELxxgkh2iajYoI40LvW', 'b3fkpdiR1nAFZtEsDVU'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, TxHpok0WIWWuOnlBj9g.csHigh entropy of concatenated method names: 'jIUMYZrbmI', 'EitgGaHO3SEQ6d0WBIB', 'X7uRpxHsZahVupv7y6K', 'NlPEjJHvg6Wydo9uK71', 'YDPdTMHT6STPtERAPEo', '_1fi', 'LFTdgGRDVE', '_676', 'IG9', 'mdP'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, FmPsOgOtd5qLIYhhe3w.csHigh entropy of concatenated method names: '_5u9', 'm7jiQMTEPE', 'ERyX5XJw5K', 'xuhiX6tqqW', 'fCo4c2qfYEjW4xvmUe0', 'gbalstq2C1PpsOJGVqL', 'SZ3Itbqeeu4KsR2QGxU', 'wgv0OgqJ3X3XdPjGRsH', 'Rh3D5RqjNt1YeJFWFWt', 'RSmb3cqzK11qT9ma3TA'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, cGiDMSHMR5aXM1HiXTP.csHigh entropy of concatenated method names: 'POLotFP4d2', 'tXJorFmOnU', 'UVkoSi3xNH', 'O7s3T4ZQEVTrFSs4FNx', 'D9a9AjZ6BDBvAktvfW2', 'NFRXcTZCeq7VSL07nag', 'fvPaQAZLLJt680FGnkq', 'cZi3gXZZ7QJ4I6wKRrC'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, ON9Op5V44kY31YT7TY.csHigh entropy of concatenated method names: 'd8Do34deK', 'kcicwLPuT', 'h2IIjvF1m', 'f0QhsXdLq', 'XvjdPF3cC', 'gZHMQdWYG', 'cN3vZ92YA', 'sVD7NdVcQ3hACyWBW0P', 'IUTWF2VmrNogHVbqjV5', 'cn4U5hVYvvvyXkSqfuo'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, A7BSYvmmbAiq4yifMWR.csHigh entropy of concatenated method names: 'w7tmfCNdan', 'SATmByCUFM', 'eEmmRu8qsw', 'v5Qmgn3Pbm', 'YPTmslcniL', 'HSimAx6T5D', 'XKOStg5Mr2KFxvjplEL', 'fbUYEy5Eqm86guYdLdj', 'GXKlOF5XrIbukJTSRcj', 'yPylT35AZiei5V9u2bp'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, yUoUwXONflodC6d2xoh.csHigh entropy of concatenated method names: 'ldEpsOotFy', 'ntRpAmw0pp', 'gN3p1bv84U', 'TmWpPChNlU', 'sFCpCpnsDp', 'vIeHwTr1Fi5hwoc6hBw', 'jgKk1QrSVJdAidURM1f', 'fb5bWRryY0KiJ315OH7', 'KK4mbhrt1xx2KDadjBf', 'MbXI1qrcuRFTF3T30m6'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, J0hpQrmuXnIitsJc6Wc.csHigh entropy of concatenated method names: 'vKjOPRhiRJ', 'SI0pesW9WirAd3aY8mH', 'iprkErWyRSDND3BXsVT', 'OopVvEWVBHLNesHcJKh', 'aWiTEcWBmTexqW2s1cH', 'l2LYErWtLygVCgRmFoC', 'Ac6hqpW19GroDsQAKU0', 'mhNv1EWS41oCS9lFp8O', 'Frd43tWcxP4B6FSnqbp', 'pYTuYFWmrW7uY2yWu12'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, oZCvG54wWRBjDfkFnkO.csHigh entropy of concatenated method names: 'MRgCAxFi4pyiELnGYAn', 'nvvt6ZFx48urytFIyEu', 'V7CN25F7xjQSMBm62dY', 'zcY5f8FhxUIJnQSgLau', 'CGxnukNhs0', 'jKTsB2FOLu9vlOFcoXU', 'Rd51GUFsH99JSIdQUcR', 'f8isuFFaWqiVph4x7jh', 'tP9jD3F6bVHgg2ns9Xo', 'CpYGL2FCKGc1iJhxjwT'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, F0eFFnmKkJZhn55Zvys.csHigh entropy of concatenated method names: 'zNeO7uiZah', 'xlVOxdPnu0', 'YRfOkdbvSo', 'yy1OJdNcbb', 'prOOWxRapI', 'QnIOYWhyod', 'kr6ODxE7YT', 'I0d9jtb7omcYokV1kK7', 'B5LCmhbq3HNpY8sPkpn', 'WQNgy5b8HNeTWQUwVMM'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, FvUSi00RJHkOioJSRTM.csHigh entropy of concatenated method names: 'smGvVcSBap', '_1kO', '_9v4', '_294', 'RXJvTraoO5', 'euj', 'WauvoYrLC6', 'h42vc2ksyy', 'o87', 'fuevIo2wnp'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, DcgbdkHCFc0nwgXcgUH.csHigh entropy of concatenated method names: 'q4Y', '_71O', '_6H6', 'Gn6cTMG0CU', '_13H', 'I64', '_67a', '_71t', 'fEj', '_9OJ'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, NpkSvBO9tY9bafnVL2t.csHigh entropy of concatenated method names: 'SPWpBWnPcB', 'Jh2pRguhaI', 'Sv2pgbABwJ', 'qTU82A0FbwDfCL1Q6B3', 'YuroYr0dcv7SHtHEyae', 'Heq4Xp0ppmFHQtY9EHt', 'Mdcw3u0GT78XWXrkYf0', 'vm9AD10wKpsPlisBQnk', 'uBaQAH0lV28IGqeR5qj', 'NQHY4W0osg0soBEe3dk'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, ElUjESmZQO5ijkocpJ4.csHigh entropy of concatenated method names: 'sKe4crgbNw', 'cH5Pc3Ewi1NFjX2LPUo', 'HlSjqtEpNoTjFTdWBOT', 'TXkeNDEGPahdMHNL9Mf', 'wVSF6VElXi4QpMAUVGQ', 'SWE6UdEoNH5lfOYrRH0', 'R5046iTwKe', 'uUX4Q41pXb', 'ymM4bmJd4k', 'Cmo4jqWDff'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, Q1DSX900iYSkfVne7XQ.csHigh entropy of concatenated method names: 'Qkp', '_72e', 'R26', '_7w6', 'Awi', 'n73', 'cek', 'ro1', '_9j4', '_453'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, UJYcexH1uBfIbSBrvkp.csHigh entropy of concatenated method names: 'jdfcy3c5IJ', 'Tr5cHO8dB0', 'Y2Rc0a6ysi', 'nArc4VfmcZ', 'ixdcpk3K6b', 'iRdcKPGlEC', 'Ln3cXQxWYB', 'ey6c35LtKp', 'D87cGocUg4', 'gu1cEvjNIf'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, g80GQCIoZw6kAVuOrs.csHigh entropy of concatenated method names: 'at6kUkTKy', 'dMjJde88C', 'jhoWdnCTp', 'JTexFbVDbZuxL7Bmo7Z', 'HYVfafVLTWbaRB4qfMC', 'xtYhbpVZloUUUas7rYY', 'xuR6a1VKYE3YcX79PHC', 'I6b3VwVN2W2IcYANYuI', 'MtGSx6Vnxylf9Jyo7IV', 'd5lXmvVuy8xsxoYbuWK'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, m7BaDMaAjOnUe9lkyjn.csHigh entropy of concatenated method names: '_589', 'YZ8', '_491', 'G9C', 'gdPB74gGI7lIZN9LrRR', 'C0jW1YgwTb85ILcADrS', 'PdO8WXglgR9ZwX9XFca', 'YCoLx0go2nbnwxpSv4v', 'cjnjVSgIQ2OHB6Tewli', 'iGE3u6gJNSYywQ7Cr57'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, bmVAxyyP82jM9OnS3v7.csHigh entropy of concatenated method names: 'KFrFcDJLdB', 'LgAFhohT3D', 'up5FwDNCDr', 'NqEFuKSPcI', 'UGYFFDabFh', 'BGQF9kMAAY', 'SxYF2EQv6P', 'sKmFNEUr3r', 'TkVF6nmPsn', 'UqWFQoayBs'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, nTLoROOSeJQOKO9eeS1.csHigh entropy of concatenated method names: 'oYo', '_1Z5', 'wpqijCj0Ot', 'wNqXyLX2EG', 'qucifYmZbm', 'GgNo698bbSvjUjwOjxe', 'esZke38WIrt9T6gBd01', 'bapDSP8kwsRQPkUu1aQ', 'zuSCoV8X9WSEFK58BJV', 'jIeW1C8Amtcx5TiVf0r'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, N7KjFoahxcgut2HyOQs.csHigh entropy of concatenated method names: 'Ai7', 'YZ8', '_56U', 'G9C', 'qp3DpRce0KEe8hh5r0u', 'o26kxxczUyVJ7Al0TQp', 'oiDLu0mR0x4EeWqFcj6', 'knvVLKmVO36ADpI2xPH', 'whLf7bmBbtlyKfaV6ug', 'l9mE7hm9xFbNdxFEQap'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, mGsjrXm5RJSD52pfjgS.csHigh entropy of concatenated method names: 'maPmcH1BLO', 'O42mICRSp3', 'MaCmhyE68k', 'BZjkoeP63nGAJjAlDTy', 'IPE3L6PCeAvZOkmci1a', 'PC9tlMPQ4Ejw9IkDKZ1', 'WBucHgPLcxuHC1oUXPK', 'wmWLBGPZ8yTdID9W2YV', 'AACfGlPDFGGaAJjOkbU', 'avIlY4PsxUg3yZZPOVQ'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, UI7bGZm8mCiwUqsNasr.csHigh entropy of concatenated method names: 'j3R0pqYeOx', 'U5p0KUr5iQ', 'xQuv5qMJQDIl3JqLJPW', 'O9ivsUMjXqv3VCpfd8P', 'i0urjSMoJfMMMh2k3Ld', 'EV6qryMIStggZaOvQTg', 'MUj02ESQO5', 'RXhd9hERcDnmgbjugWR', 'h3PDHfEVWSnu3a6o7P4', 'QnTNthMekLq3BwB8Yuk'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, XSa8OM0eybbwyS9PrRX.csHigh entropy of concatenated method names: 'AE4IbU6Cd0', 'pWmIjhFTly', 'bRxIegy2Id', 'iVBIVGVBVC', 'OXpITFKpHE', 'pH2AQoNfa1CMsPhVcZQ', 'lxRHGIN2Y9a3ADJhOEJ', 'XsZMDJNe1087P1TZoNy', 'aHp9eSNzIrmuMvHIo8q', 'MyccacnRfVNMdFpABIR'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, Q7lAFSm2hb6e6FsTIfS.csHigh entropy of concatenated method names: 'YPpOiia9oJ', 'eDoOZJiQiI', 'qE9ueJW4J5qsTBhiuYt', 'rwYpHGWUhjcVhwj1JGW', 'wVuhHmW0e6XD5bhZ8uC', 'HVST7kWrVhCrWfhwUxR', 'CyFmhgWqkD3xdaBYAw3', 'RX8NgGW8NGlSf6sPutt', 'z5h4oQW7XpSo4dTMlX5', 'PBTjrFWh9Pb1fSKfXLX'
              Source: 2.3.Modrinth.exe.535873d.1.raw.unpack, EDvKZXaTlB3bbN8yLqC.csHigh entropy of concatenated method names: 'kNf', 'YZ8', 'U31', 'G9C', 'HUwKPDcQnxc1TkTp0hw', 'GH1Qc4cLN4PI7xoilKp', 'ewQkK4cZpQhHbvsrt1y', 'Ltb4UfcDc8IZ6lxolJC', 'gNIQugcKFI14TobgOmy', 'IvpYXWcNbk7jnT5CSa9'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, jPaTnia40GWt9Coe6yO.csHigh entropy of concatenated method names: '_6H9', 'YZ8', '_66N', 'G9C', 'qiRZHj1J4NC7beQbQXK', 'NgaAbB1jRKel81QpJWU', 'T6ey7G1fXFGx6sK2gk0', 'h71wg212LsMLZtgUVit', 'KBsDg81ebU3E7lQLn0v', 'VwtuWo1zvXQUQqUYKmf'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, pbABwJy3EdEOotFyFtR.csHigh entropy of concatenated method names: '_4J6', '_5Di', '_1y5', '_77a', '_1X1', '_7fn', 'OUK', '_8S4', 'wUn', '_447'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, IOnjNpyi3WP4VFBLKh7.csHigh entropy of concatenated method names: 'ICU', 'j9U', 'IBK', '_6qM', 'Amn', 'Mc2', 'og6', 'z6i', '_5G6', 'r11'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, Xa39auae6dMXshb8a5I.csHigh entropy of concatenated method names: 'gHL', 'YZ8', 'vF9', 'G9C', 'j989Rlc7wue7C4kxZP3', 'MrVhfLchwVuVGlbK3mq', 'Qx15hNcitWqMiMYYMC6', 'rWEiKocxLBfd4PWrD3L', 'W80QoWcv4BUhYpx5AOR', 'V7paBccTwYZ2Dt58cOu'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, oouYjcOoPmjrIkWamvv.csHigh entropy of concatenated method names: 'c6YK7Kf2Gg', 'SOMKx0X9Ly', 'SXLe8bqELooqIGhwlyl', 'Hguw4rq4RUUGpVCrGEk', 'GXNnlTqAy9GqD0oJWDj', 'LNeSbTqMpUQnLRW53pk', 's6vqe0qUEhrpgj0aX2s', 'xKf4Rkq0FptPTlScKfK'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, JBFZpRnYyR185c99D9.csHigh entropy of concatenated method names: '_52Y', 'YZ8', 'Eg4', 'G9C', 'Sxn8yMZD2', 'uDXe1OB4PeEwZVybgTR', 'HkocfjBUShjtZygTKvA', 'laSPGlB0OhMiZYIYp4M', 'v7ouDOBrASg4eN5Tspd', 'LI4gInBqYFcgGZQWcW1'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, tDUgcN4cgsla2FKvWQI.csHigh entropy of concatenated method names: 'ziPnogSufS', 'YkgncXSsLT', 'pJNnIOplt5', 'cspnhe0fAX', 'b8jnddn1a6', 'uaenMagvy0', 'SN6nva4vWE', 'x0gnU37YjL', 'NESnnObaxL', 'VnWn7NCBeH'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, ehi0Ar05rwO3rBy5vDQ.csHigh entropy of concatenated method names: 'NnYcrQZwNB', 'rD8cSIqcmm', 'UIlcfceKps', 'gxQcBUYWv1', 'n54cRmT1BQ', 'rkFcgTjThU', '_838', 'vVb', 'g24', '_9oL'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, rhM4tbyHGGaiSwWCOii.csHigh entropy of concatenated method names: 'sLyG2v2GjU', 'qhAoA0hEMdjELBiBxbJ', 'ocRb5xh4kvrV7eGyGV2', 'eGvPqqhAVS4fWLdoW6l', 'PQlwgrhM6ONhtoQPoIS', 'w6fXUaf8SK', 'GHAXnDBgDs', 't1UX7D1p5S', 'YykXx5KOQn', 'T97XklAAx5'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, pK4i05auqbqWopsKsKe.csHigh entropy of concatenated method names: 'rU3', 'YZ8', 'M54', 'G9C', 'yXMa7tSK73PIWQTFjaa', 'eKydheSNL2Vryrp8Y3b', 'N5Hw6YSncC2leDxBC3T', 'hioR8GSufvAhlwBQFk8', 'e2E9DFSHAPMLmvnqRZg', 'zbIWLDS3QDaxRawpl2y'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, RQkNuuH7giMLOmlQjLZ.csHigh entropy of concatenated method names: 'oTAos8IXNY', 'sUNoAqLXkj', 'tfqo1yVqmB', 'cBHoPV4Ya5', 'NBtoCcKSvC', 'lLFoipSwjI', 'h435C2Zp7ldb00nwovG', 'QK1GMjZFEREncwFKIlT', 'P79URJZde3G7PNfjPnd', 'HHDU0oZGvAeX232QQ1E'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, fUGbdqtY2ANHoqXkSw.csHigh entropy of concatenated method names: '_468', 'YZ8', '_2M1', 'G9C', 'iHRT2hyMPNtIlRtBXJu', 'leGoNgyEUQZH2sUYRDD', 'JPo0A8y4xcXBbcqsmPy', 'mn19d1yU6jNn2rCUowj', 'yCeHa4y0EMI0gOSeoDc', 'ct4LJnyrh7FKUVKT2BG'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, y0lMUJyhu6CbIcl54jf.csHigh entropy of concatenated method names: 'AwGwxihbh3', 'uuFwksYJEj', 'R4SwJF1yE8', 'mS3wW4trZH', 'RWtwY77dlh', 'JKI0Kix4GfJlFBdtFtV', 'yWU9hnxMUjeNs2t77dR', 'a4pKEHxEPMbm0bdUJNv', 'QECyJ7xUfw5TpSb8w0f', 'TBJYgEx0Ky5ErpBRgOn'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, AAlQZwiJL5Xr5eGvBm.csHigh entropy of concatenated method names: '_52U', 'YZ8', 'M5A', 'G9C', 'oYjvQttIPcTGSksMQXP', 'eRnb4OtJwwTItDbVxt9', 'WOqjnotj19SGc3Nncbd', 'HK5sT0tfE4HDbyITp84', 'Vdisfmt2jxT8PVUTo8p', 'YB7HEQteEnAmC5RTf2f'
              Source: 2.3.Modrinth.exe.6a0f73d.0.raw.unpack, e2g5aG0crcxKeJBRoyR.csHigh entropy of concatenated method names: '_7tu', '_8ge', 'DyU', '_58f', '_254', '_6Q3', '_7f4', 'B3I', '_75k', 'd4G'

              Persistence and Installation Behavior

              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Windows\en-US\csrss.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File written: C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exe File created: C:\intosessionperfcrtSvc\Componentwebfont.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Program Files\Reference Assemblies\Microsoft\Framework\DVoCIYUveQTPKsllMirxd.exe
              Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIC694.tmp
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Users\Default\SearchApp.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Users\Default\DVoCIYUveQTPKsllMirxd.exe
              Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSIEB83.tmp
              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\Modrinth App\Modrinth App.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Program Files (x86)\MSECache\OfficeKMS\win7\DVoCIYUveQTPKsllMirxd.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\intosessionperfcrtSvc\RuntimeBroker.exe
              Source: C:\Users\user\Desktop\Modrinth.exe File created: C:\Users\user\AppData\Local\Temp\Modrinth.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Windows\Vss\Writers\Application\RuntimeBroker.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Program Files\Windows Photo Viewer\en-GB\System.exe

              Boot Survival

              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Users\Default\SearchApp.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File created: C:\Users\Default\DVoCIYUveQTPKsllMirxd.exe
              Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modrinth App
              Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modrinth App\Modrinth App.lnk
              Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modrinth App\~odrinth App.tmp
              Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modrinth App\Modrinth App.lnk~RF6edb84.TMP
              Source: C:\Users\user\Desktop\Modrinth.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Memory allocated: 1310000 memory reserve | memory write watch
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Memory allocated: 1B360000 memory reserve | memory write watch
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Memory allocated: 1550000 memory reserve | memory write watch
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Memory allocated: 1AFD0000 memory reserve | memory write watch
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Memory allocated: 18C0000 memory reserve | memory write watch
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Memory allocated: 1B230000 memory reserve | memory write watch
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Thread delayed: delay time: 922337203685477
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Window / User API: threadDelayed 1467
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe Window / User API: threadDelayed 455
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Window / User API: threadDelayed 359
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe Window / User API: threadDelayed 363
              Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC694.tmp
              Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIEB83.tmp
              Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\Modrinth App\Modrinth App.exe
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe TID: 4304 Thread sleep count: 1467 > 30
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe TID: 4304 Thread sleep count: 455 > 30
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe TID: 3372 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe TID: 7980 Thread sleep count: 359 > 30
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe TID: 7568 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe TID: 7968 Thread sleep count: 363 > 30
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe TID: 7180 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
              Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation
              Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exe File Volume queried: C:\ FullSizeInformation
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe File Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exe Code function: 2_2_0026A5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,2_2_0026A5F4
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exe Code function: 2_2_0027B8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,2_2_0027B8E0
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exe Code function: 2_2_0028AAA8 FindFirstFileExA,2_2_0028AAA8
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exe Code function: 2_2_0027DD72 VirtualQuery,GetSystemInfo,2_2_0027DD72
              Source: Modrinth.exe, 00000002.00000003.2027142990.0000000003057000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}&
              Source: Modrinth.exe, 00000002.00000003.2026432843.0000000003057000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Q
              Source: Componentwebfont.exe, 00000008.00000002.2134420425.000000001C7E9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}|
              Source: wscript.exe, 00000004.00000002.2084446416.0000000002F44000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
              Source: wscript.exe, 00000004.00000002.2084446416.0000000002F44000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}K:r
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeAPI call chain: ExitProcess graph end nodegraph_2-24541
              Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0028866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0028866F
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0028753D mov eax, dword ptr fs:[00000030h]2_2_0028753D
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0028B710 GetProcessHeap,2_2_0028B710
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeProcess token adjusted: DebugJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeProcess token adjusted: DebugJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeProcess token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0027F063 SetUnhandledExceptionFilter,2_2_0027F063
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0027F22B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0027F22B
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0028866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0028866F
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0027EF05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0027EF05
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeMemory allocated: page read and write | page guardJump to behavior
              Source: C:\Users\user\Desktop\Modrinth.exeProcess created: C:\Users\user\AppData\Local\Temp\Modrinth.exe "C:\Users\user\AppData\Local\Temp\Modrinth.exe" Jump to behavior
              Source: C:\Users\user\Desktop\Modrinth.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Modrinth App_0.7.1_x64_en-US.msi" Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\intosessionperfcrtSvc\x6qhfc.vbe" Jump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\intosessionperfcrtSvc\QvJVxLMgIdUXKZXo3vjvMJd9h.bat" "Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\intosessionperfcrtSvc\Componentwebfont.exe "C:\intosessionperfcrtSvc\Componentwebfont.exe"Jump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeProcess created: unknown unknownJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0027ED5B cpuid 2_2_0027ED5B
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: GetLocaleInfoW,GetNumberFormatW,2_2_0027A63C
              Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeQueries volume information: C:\intosessionperfcrtSvc\Componentwebfont.exe VolumeInformationJump to behavior
              Source: C:\intosessionperfcrtSvc\Componentwebfont.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeQueries volume information: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe VolumeInformationJump to behavior
              Source: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exeQueries volume information: C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0027D5D4 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,2_2_0027D5D4
              Source: C:\Users\user\AppData\Local\Temp\Modrinth.exeCode function: 2_2_0026ACF5 GetVersionExW,2_2_0026ACF5
              Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              Source: Yara matchFile source: 00000028.00000002.2226399767.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.2120796404.000000000381D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000028.00000002.2226399767.000000000326E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000027.00000002.2226297047.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.2120796404.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.2123867809.000000001336F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Componentwebfont.exe PID: 1308, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: DVoCIYUveQTPKsllMirxd.exe PID: 2716, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: DVoCIYUveQTPKsllMirxd.exe PID: 4436, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara matchFile source: 00000028.00000002.2226399767.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.2120796404.000000000381D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000028.00000002.2226399767.000000000326E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000027.00000002.2226297047.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.2120796404.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.2123867809.000000001336F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Componentwebfont.exe PID: 1308, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: DVoCIYUveQTPKsllMirxd.exe PID: 2716, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: DVoCIYUveQTPKsllMirxd.exe PID: 4436, type: MEMORYSTR
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information11
              Scripting
              1
              Replication Through Removable Media
              11
              Windows Management Instrumentation
              11
              Scripting
              1
              DLL Side-Loading
              1
              Disable or Modify Tools
              11
              Input Capture
              1
              System Time Discovery
              Remote Services11
              Archive Collected Data
              1
              Encrypted Channel
              Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts2
              Command and Scripting Interpreter
              1
              DLL Side-Loading
              1
              Windows Service
              11
              Deobfuscate/Decode Files or Information
              LSASS Memory11
              Peripheral Device Discovery
              Remote Desktop Protocol11
              Input Capture
              1
              Non-Application Layer Protocol
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAt1
              Windows Service
              11
              Process Injection
              3
              Obfuscated Files or Information
              Security Account Manager2
              File and Directory Discovery
              SMB/Windows Admin SharesData from Network Shared Drive11
              Application Layer Protocol
              Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCron1
              Registry Run Keys / Startup Folder
              1
              Registry Run Keys / Startup Folder
              22
              Software Packing
              NTDS37
              System Information Discovery
              Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              DLL Side-Loading
              LSA Secrets121
              Security Software Discovery
              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              File Deletion
              Cached Domain Credentials1
              Process Discovery
              VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items333
              Masquerading
              DCSync31
              Virtualization/Sandbox Evasion
              Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job31
              Virtualization/Sandbox Evasion
              Proc Filesystem1
              Application Window Discovery
              Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
              Process Injection
              /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
              [Behavior graph: ID 1467847, Sample: Modrinth.exe, Startdate: 04/07/2024, Architecture: WINDOWS, Score: 74]

              Source | Detection | Scanner | Label | Link
              Modrinth.exe | 97% | ReversingLabs | Win32.Backdoor.DCRat
              Modrinth.exe | 100% | Avira | VBS/Runner.VPG
              Modrinth.exe | 100% | Avira | VBS/Runner.VPG
              Modrinth.exe | 100% | Avira | HEUR/AGEN.1323984
              Modrinth.exe | 100% | Joe Sandbox ML
              Source | Detection | Scanner | Label | Link
              C:\Windows\Vss\Writers\Application\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Users\Default\SearchApp.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Program Files\Windows Photo Viewer\en-GB\System.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Users\user\AppData\Local\Temp\Modrinth.exe | 100% | Avira | VBS/Runner.VPG
              C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe | 100% | Avira | HEUR/AGEN.1323984
              C:\Windows\Vss\Writers\Application\RuntimeBroker.exe | 100% | Joe Sandbox ML
              C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe | 100% | Joe Sandbox ML
              C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe | 100% | Joe Sandbox ML
              C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe | 100% | Joe Sandbox ML
              C:\Users\Default\SearchApp.exe | 100% | Joe Sandbox ML
              C:\Program Files\Windows Photo Viewer\en-GB\System.exe | 100% | Joe Sandbox ML
              C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe | 100% | Joe Sandbox ML
              C:\Users\user\AppData\Local\Temp\Modrinth.exe | 100% | Joe Sandbox ML
              C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe | 100% | Joe Sandbox ML
              C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Program Files (x86)\MSECache\OfficeKMS\win7\DVoCIYUveQTPKsllMirxd.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Program Files\Modrinth App\Modrinth App.exe | 0% | ReversingLabs
              C:\Program Files\Reference Assemblies\Microsoft\Framework\DVoCIYUveQTPKsllMirxd.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Program Files\Windows Photo Viewer\en-GB\System.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Users\Default\DVoCIYUveQTPKsllMirxd.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Users\Default\SearchApp.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Users\user\AppData\Local\Temp\MSIC694.tmp | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\MSIEB83.tmp | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\Modrinth.exe | 62% | ReversingLabs | ByteCode-MSIL.Trojan.Uztuby
              C:\Windows\Vss\Writers\Application\RuntimeBroker.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\Windows\en-US\csrss.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\intosessionperfcrtSvc\Componentwebfont.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              C:\intosessionperfcrtSvc\RuntimeBroker.exe | 88% | ReversingLabs | ByteCode-MSIL.Ransomware.Prometheus
              No Antivirus matches
              No Antivirus matches
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
              cdn.modrinth.com | 104.18.22.35 | true | false | | unknown
              cdn-raw.modrinth.com | 104.18.23.35 | true | false | | unknown

              Name | Malicious | Antivirus Detection | Reputation
              http://cz36357.tw1.ru/@=cDMmNzNiFGO | true | Avira URL Cloud: safe | unknown
                    No contacted IP infos
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1467847
                    Start date and time:2024-07-04 21:56:09 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 7m 25s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:43
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:Modrinth.exe
                    Detection:MAL
                    Classification:mal74.troj.evad.winEXE@20/57@8/0
                    EGA Information:
                    • Successful, ratio: 25%
                    HCA Information:
                    • Successful, ratio: 67%
                    • Number of executed functions: 290
                    • Number of non-executed functions: 98
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, csrss.exe, schtasks.exe
                    • Excluded IPs from analysis (whitelisted): 13.107.42.16
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, meta.modrinth.com, ctldl.windowsupdate.com, cz36357.tw1.ru, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, ipinfo.io, api.modrinth.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, l-0007.l-msedge.net, config.edge.skype.com, launcher-files.modrinth.com
                    • Execution Graph export aborted for target Componentwebfont.exe, PID 1308 because it is empty
                    • Execution Graph export aborted for target DVoCIYUveQTPKsllMirxd.exe, PID 2716 because it is empty
                    • Execution Graph export aborted for target DVoCIYUveQTPKsllMirxd.exe, PID 4436 because it is empty
                    • Not all processes were analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: Modrinth.exe
                    Time | Type | Description
                    21:57:06 | Task Scheduler | Run new task: csrss path: "C:\Windows\en-US\csrss.exe"
                    21:57:06 | Task Scheduler | Run new task: csrssc path: "C:\Windows\en-US\csrss.exe"
                    21:57:06 | Task Scheduler | Run new task: DVoCIYUveQTPKsllMirxd path: "C:\Users\Default\DVoCIYUveQTPKsllMirxd.exe"
                    21:57:06 | Task Scheduler | Run new task: DVoCIYUveQTPKsllMirxdD path: "C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe"
                    21:57:06 | Task Scheduler | Run new task: RuntimeBroker path: "C:\intosessionperfcrtSvc\RuntimeBroker.exe"
                    21:57:06 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\intosessionperfcrtSvc\RuntimeBroker.exe"
                    21:57:06 | Task Scheduler | Run new task: SearchApp path: "C:\Users\Default User\SearchApp.exe"
                    21:57:06 | Task Scheduler | Run new task: SearchAppS path: "C:\Users\Default User\SearchApp.exe"
                    21:57:06 | Task Scheduler | Run new task: System path: "C:\Program Files\Windows Photo Viewer\en-GB\System.exe"
                    21:57:06 | Task Scheduler | Run new task: SystemS path: "C:\Program Files\Windows Photo Viewer\en-GB\System.exe"
                    21:57:06 | Task Scheduler | Run new task: wininit path: "C:\Program Files (x86)\windows multimedia platform\wininit.exe"
                    21:57:06 | Task Scheduler | Run new task: wininitw path: "C:\Program Files (x86)\windows multimedia platform\wininit.exe"
                    21:57:09 | Task Scheduler | Run new task: Idle path: "C:\intosessionperfcrtSvc\Idle.exe"
                    21:57:09 | Task Scheduler | Run new task: IdleI path: "C:\intosessionperfcrtSvc\Idle.exe"
                    21:57:09 | Task Scheduler | Run new task: WmiPrvSE path: "C:\intosessionperfcrtSvc\WmiPrvSE.exe"
                    21:57:09 | Task Scheduler | Run new task: WmiPrvSEW path: "C:\intosessionperfcrtSvc\WmiPrvSE.exe"
                    Match: chrome.cloudflare-dns.com
                    Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    Your file name without extension goes here.exe | Get hash | malicious | FormBook | Browse | 172.64.41.3
                    https://www.filemail.com/t/RuKZYfeB | Get hash | malicious | HTMLPhisher | Browse | 172.64.41.3
                    https://drive.google.com/file/d/1oaUV_AYvIbADa3ZE9hN0L577wBlVV4IF/view?usp=sharing | Get hash | malicious | Unknown | Browse | 162.159.61.3
                    List of Required items and services.zip | Get hash | malicious | GuLoader, RHADAMANTHYS | Browse | 172.64.41.3
                    http://links.notification.intuit.com/ls/click?upn=u001.4HBRtPy8j6uXsK2aeX2RzAh5EFPhCIIFV3VEN-2Fx7CtL7yL0rqbEG5To4Yn7gWqQ9aLy0xQjXtfA1aWI51jOBcgZZmdPU7rNXiI9qBQrw0Fh0XMUzwxEuUgv3ZFNQWIem-2BNTPYnrL9k9a1nDRjz4a88WPYyDduqTuKohuiQXsusYwJ-2FidZWWf8oC-2Bke5XZf6maHD-2Fd7ablYFhYAopCg9-2FJ24-2F8yZwA220wlNNRUX0yppVttR34V4P26behAEAgmPnWgi1QdqkcH8GVovfzu4LIw-3D-3DQBy7_5Y9C-2B-2Fzbmi1Z8AZ1P0Xb45Ep-2FzkkH96c1HQoTeKyfF3Cy9GA0JrKF-2FtBKU7Gy7tV6PIIEw2aSpbKuiOE5zUrdfKHijLS1CrX6di2rdCWz3230MnOWYRyIFetWhrSPF9k5LzSphdJmNETjrHElDpdShj1s4ILnQWpWcU1acTiMnif850-2BYV-2F5lXeG2jTC-2BOwApN8qupRmwT8fNNE9PPcwErJLxahBxSpmSq91gTlumLJlQuv6Mi-2FueOgXZeZsKYVaksXeYc4hm3iYcmZyYCYz0c5CytX-2FkcYDgjcEPGcMdE4wdmef7F34ZhNuR1BzXUZca-2BlM-2FSHy6Wcv-2B44fNGLavW0-2FgwmkSe7DWrN2Qxs4-2BbmqEK8zVd2B-2F-2BfhLv7s-2BwUYCFzSfpco2w0S0EkPk2QiaigfgYJrhsDWFQrr8XAjN8LEK9fzOOYMlKBdNBCCovn1-2BQdoVowInLACYcfv7UF18ixzp9yjXcoI2GtVtXTFy0zwL-2BunyW6y6aLD3UTkKp7eGuS-2Fs2l9K233QQTHOgsxIsW5yOnAipuno6Jz4FUupJjvG-2FSd7m5GLY99tPmOlknWYVUdaS4l4nbH7zNFdVoP-2Fmr7J9FoB812uhszre4JhgikLbqFLMCT1av4GEdnKOwpstUkw9rVNgxd2MHPktA30uhIQeOnTGGKgw66UsPvJvw-3D | Get hash | malicious | Unknown | Browse | 172.64.41.3
                    https://bpecuniaimmobili.com/J0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6MzY/ | Get hash | malicious | Unknown | Browse | 162.159.61.3
                    https://crystaliteinc-my.sharepoint.com/:f:/p/johnnyh/EuQdaH3lBSRDvT82TdxqsUoBzZkMIoxp10kCm6OSWVzrDQ?e=3jMitI | Get hash | malicious | HTMLPhisher | Browse | 162.159.61.3
                    http://links.notification.intuit.com/ls/click?upn=u001.4HBRtPy8j6uXsK2aeX2RzAh5EFPhCIIFV3VEN-2Fx7CtL7yL0rqbEG5To4Yn7gWqQ9aLy0xQjXtfA1aWI51jOBcvFwiHPBctasT-2BH37s9DQLpYSA3V6kvcYxrb7i-2BW8869Q1AGQsZwMcBFwggfxD9wPuhkpoXPP2pH6Pxft2r68KNXUwn2qNhgWf7iXpRttiZ5jzU77VQHpIqd4UDCGklg6jQVCx1Oz-2B-2FG6EwwrWjdoYXadXNzwr0x4oWqhIvw24YDIrzldaWxTDIPBd4uSs4-2FCQ-3D-3DSO17_UfA4evWKMrf20oDy6KduEL1jjI7kjtsJu923coTX4Wh-2Bxk-2BuyU2sy8PIpJ673-2F-2BOqvMYiwiGKNODq2U4UR8POyjkqSPj7JudLQSEVfRLgMIpzEDpZ4WPWAS25RJP1aZrBg-2FjaXSOMuugRDfHaXUc0LY8jkyj3yMFv3-2B-2FFbzvkvQNt-2BVtvjFKyKwWi3x48HBUrwGpJcCi5ZQI4Yt471jYEeUTKcOdlSsN9TQeF8QZwgPh4sSFpyle7tuGyi8Qmngm3Q5Lx9-2BUANPnHT-2F2L5frEl-2FLovj4Zizb741nQh-2Fam0LMBSzatG3ByaqfsFpta1tPEUd0Z7sCSubGdKzRdymNGAENantcWpNwODIPErY-2BM-2F1Tsq0xkeLGwXcPld9-2FptsG0IGHbS7ipYNIKEQKRCqB74jBgPZVYbU1-2BgCQoqQZ5uDAL-2FgpR4kU-2B4BRT6OYYZRr4wuukYaQmSKj6mWZylILrDBxPAy6UJVWh-2B-2FHKKs2lxJrqHr48p9gBUD3FQM76TbewpS6314nGR-2BAB8Mecp5fZTAV78NmhdHSCmZvh9fYxeiqoYLLBZnI1yBAxdUAGIZkFBE6A1Kld8Sf7EYniBsuoXuo1uyNdE6C847KpiAFo3H71N1KK1i6x9u1qhUOu5WSQOWcXwUtlbMkSUEw8zRNX-2BUGjNxy8LBRQfwqf9jHjJhwt4tUDPZl-2BMXCOGro5OGY | Get hash | malicious | Unknown | Browse | 162.159.61.3
                    https://uploads-ssl.webflow.com/64f19dbeb7bd18d4e09517f8/656158fdb0748ff4745b2553_11416187425.pdf | Get hash | malicious | Unknown | Browse | 162.159.61.3
                    Payment Confirmation june 27.svg | Get hash | malicious | Unknown | Browse | 172.64.41.3
                    Match: C:\Users\user\AppData\Local\Temp\MSIC694.tmp
                    Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                    BizCloud_3.2.0.2453.msi | Get hash | malicious | Unknown | Browse |
                    https://epicgames-download1.akamaized.net/Builds/UnrealEngineLauncher/Installers/Win32/EpicInstaller-15.17.1.msi?launcherfilename=EpicInstaller-15.17.1-unrealEngine.msi | Get hash | malicious | Unknown | Browse |
                    https://github.com/qupath/qupath/releases/download/v0.5.1/QuPath-v0.5.1-Windows.msi | Get hash | malicious | Unknown | Browse |
                    https://wetransfer.com/downloads/500e7f36ea6ce7e88cbd439526ad9f2e20240603080738/09d4ab8c84f1760fdcaa29af1c10b2c420240603080754/8b8539?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid | Get hash | malicious | Unknown | Browse |
                    https://wetransfer.com/downloads/500e7f36ea6ce7e88cbd439526ad9f2e20240603080738/09d4ab8c84f1760fdcaa29af1c10b2c420240603080754/8b8539?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid | Get hash | malicious | Unknown | Browse |
                    EmbravaConnect.msi | Get hash | malicious | PrivateLoader | Browse |
                    https://symless.com/synergy/synergy/api/download/synergy-win_x64-v3.0.79.1-rc3.msi | Get hash | malicious | Unknown | Browse |
                    https://github.com/StrawberryPerl/Perl-Dist-Strawberry/releases/download/SP_53822_64bit/strawberry-perl-5.38.2.2-64bit.msi | Get hash | malicious | Unknown | Browse |
                    https://github.com/StrawberryPerl/Perl-Dist-Strawberry/releases/download/SP_53822_64bit/strawberry-perl-5.38.2.2-64bit.msi | Get hash | malicious | Unknown | Browse |
                    SecuriteInfo.com.Trojan-PSW.Agent.32564.30919.msi | Get hash | malicious | Xmrig | Browse |
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:data
                                        Category:modified
                                        Size (bytes):13277
                                        Entropy (8bit):5.495026863417716
                                        Encrypted:false
                                        SSDEEP:192:29ffrshySU0nUfyw/0uhnqedfaiHGjaiHhaq4ZFGR1GWiikgpK:29ffrshzm0AB2BbiaXW
                                        MD5:815A9F280E83B3FFFC38D6157E9E0F25
                                        SHA1:4ABAA374A21EE3818F05880A3AF598FFD4A9FD14
                                        SHA-256:109829964A25949E468A504C0A8F0648DCCA76907577DBC38802D55C37EAD6A3
                                        SHA-512:FCB96DB4B83B6AAACAD4E0B7F4C0712E79E7D8EE68650B23CC980C74858B1ED9E560C7020CA8D643AB80667485E7385DC1B27D4800786C1EEBA855A304FEFA9E
                                        Malicious:false
                                        Reputation:low
                                        Preview:...@IXOS.@.....@%..X.@.....@.....@.....@.....@.....@......&.{67E35770-3BE7-49CB-BE18-C8626CE846EE}..Modrinth App .Modrinth App_0.7.1_x64_en-US.msi.@.....@.....@.....@......ProductIcon..&.{C760B5F9-74CA-4082-83C4-12F6B36A93BB}.....@.....@.....@.....@.......@.....@.....@.......@......Modrinth App......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{2E37D8FF-ECDE-559E-8E0B-74257058D78B}&.{67E35770-3BE7-49CB-BE18-C8626CE846EE}.@......&.{A85DF90F-5FA4-530D-9BFA-C33807C29A55}&.{67E35770-3BE7-49CB-BE18-C8626CE846EE}.@......&.{8FBB1E5B-CACC-5447-BF83-51C73D6B4C3C}&.{67E35770-3BE7-49CB-BE18-C8626CE846EE}.@......&.{ABDBD5A5-D66D-5E6D-AF6E-CBB2D92B1885}&.{67E35770-3BE7-49CB-BE18-C8626CE846EE}.@......&.{7D1A1628-06F9-586F-AACD-E5A1ABE59028}&.{67E35770-3BE7-49CB-BE18-C8626CE846EE}.@......&.{220711B7-E0E0-5D9A-9BCC-810B1073EFE0}&.{67E35770-3BE7-49CB-BE18-C8626CE846EE}.@........InstallFiles..Copying new f
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with very long lines (633), with no line terminators
                                        Category:dropped
                                        Size (bytes):633
                                        Entropy (8bit):5.893043753060876
                                        Encrypted:false
                                        SSDEEP:12:bXIuoKOLzEpeq1/O+fxxi4ym2j34CagQG9hkgEx1nK3O5DWrtWLGJlLJhfP9Q:bXiG1/O+fr9OV1VTUgcEW6H1h39Q
                                        MD5:9EB356B2D51B612B7642DB6DC14AB885
                                        SHA1:A142AAE35C1624CA4369A92D8CF2498246B24726
                                        SHA-256:989EA88B8BEDE4B87EFD3C7CEB41E2581A3EA88CDB1369EEF64718F0442D0E5A
                                        SHA-512:A5B1FCAFE9A3834D31B3DF1BC625FBE001DD65745BD6FD66A1AC65A70756EED73981724E67CB7709E0955B1D5793C27EED0F8D8A7E2BAB3DAFC49B1A9015AAAB
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......>.... ........@.. .......................@............@....................................K............................ ....................................................... ............... ..H............text...D.... ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):115
                                        Entropy (8bit):5.39216236444778
                                        Encrypted:false
                                        SSDEEP:3:PZCoK9cRHFKonwmY58vOQHC26LnBDcgzv:xCz+OoLVyD5D
                                        MD5:63407EB6EA15EBFECBF2653649A49F6D
                                        SHA1:B7288FC8C85B77DBF4846150A9FA7F7688003531
                                        SHA-256:6FAA64D5D96EB14F66BE482C9ADBB294F7676F49E37F27364DAE80B75E4AB226
                                        SHA-512:C018FBB3E2871C28628EAD51CDE5F65C5F3E2E4885703C0033161E4534870785751E05E7AFB72F2A451C5A9C46DD196FAFCE3217D367BC589F52998BFAE03500
                                        Malicious:false
                                        Reputation:low
                                        Preview:LAt4qtYRmBvGhMF5NDN9tbvegGKnRojPpF2XCDT3ftS2Yep6UEU5MqWtPPYkiv98bgabTs2JtTdAJ2GBaNSNUoC8sJIxpsUttTa1DNmlLKL2MWjWJWJ
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......>.... ........@.. .......................@............@....................................K............................ ....................................................... ............... ..H............text...D.... ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with very long lines (445), with no line terminators
                                        Category:dropped
                                        Size (bytes):445
                                        Entropy (8bit):5.845148819993958
                                        Encrypted:false
                                        SSDEEP:12:PAjcFWwGS6MzubG0niQHEfnV5eR5gddWPfDUrzn:Ib26I0NkwQdWPfDUrL
                                        MD5:E99DE109F0F2E5A4D1ACB82F97B5BC2D
                                        SHA1:D9C388203CB2184021E13A42AC3AED96A604889C
                                        SHA-256:166E4BC66495865E10307303D06CF5B05543FB8A3BE37931CC257CBBD57EB2A6
                                        SHA-512:4C1643CA56449B03846721EB06FA17BE61AE16CE37C4AF428CCB731D8BB6762C34F6935FEFB5A19DC00E564097CC9FEAFFE8C7FC7B48164C873F98313624D02A
                                        Malicious:false
                                        Reputation:low
                                        Preview:vyA1YAs8ycKkmSDKprTtWAJnV92yn4Z1p8asXvFWsKRcYBdaIqz0aIEvoWgZH3U3CS5n2Uw3l7AMsrPTgcq7Fjbg3oEBOqOzzYZFGzhy45OdI2C7HM2pNXyd1YtNQvp5sKWURJNq41CJU8YBmG3Bxjmck6OrFUhIQTv7fsq89MuVUoJ3AslJ2oIIi3uU5gkkU43BNaf3a5ClyQI5wUqXsYQmLmYm7VCclKBZvIqjMrs7lhURvzhkzM15oR0kB35F2j9oPsJooGLBpSAnSG0IxbmYSFveSFhSvnEChpCCp36sB0PVQMS4DwSb6lVJ7oWji3PCO8GmExd3f3XczZNGwmP8VnF6U2FAhXKHkNHSFq0PTY6DO2ThbQw5oQrk2KRLscWHtP1mS4AGw9p7rCrbjijRkOdUgga4Zpg1ByT8BrOgPqJolt30czmK3Fhfv
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......>.... ........@.. .......................@............@....................................K............................ ....................................................... ............... ..H............text...D.... ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):10292856
                                        Entropy (8bit):6.425652307974438
                                        Encrypted:false
                                        SSDEEP:98304:7BQhlPhW0W3zmFVHHb9zKMZ08LC2le/NmijwSvWH:V+lPo07v08LCAsNfx0
                                        MD5:9C91D4E56002B6395D6CDAD016AB65FB
                                        SHA1:97AF80CDD148E85FE50CF934ED6A224E12FB8122
                                        SHA-256:F9A00B54DEE51FB3B86BBFB3236A5A53C12A3CEB5FF37063A4013606E485C31C
                                        SHA-512:B6228EAAF7C9C33163FAB4CBD84FC5DD8DD36800F940851FE6590ADBA6760D41F65776067F6CBDD8B7C02F1E525BFBA4811E98DEEC4EFC45D2EDF2DF596711C8
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l .[(Aa.(Aa.(Aa.!9..8Aa..?d..Aa..?e.&Aa..?b.!Aa.c9`.+Aa.(A`..@a.>>e.pAa.(Aa..Aa.>>..)Aa.>>c.)Aa.Rich(Aa.........................PE..d...75(f.........."....$..s..T)......Eq........@.............................`............`..................................................!.......`..........D;.....x(...@..p...............................(.......@.............s..............................text...@.s.......s................. ..`.rdata..H.$...s...$...s.............@..@.data........`...~...B..............@....pdata..D;.......<..................@..@_RDATA..\....P......................@..@.rsrc........`......................@..@.reloc..p....@.....................@..B........................................................................................................................................................................................................
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Sat Dec 7 08:09:44 2019, mtime=Thu Jul 4 18:56:58 2024, atime=Sat Dec 7 08:09:44 2019, length=69632, window=hide
                                        Category:dropped
                                        Size (bytes):957
                                        Entropy (8bit):4.714102865937756
                                        Encrypted:false
                                        SSDEEP:12:80iCM0m/+M4RllXhUVSXVlSQn1M4pxQ3C8RJjAtP1BdKG8gEoW+UcS4lSlD4c7C5:8lJWd28Z8bAJdK7+/+QVwBCyfm
                                        MD5:4EF5DCCFA9119D60012472725C23C0FC
                                        SHA1:86F8ECBEF003FFDEB6E492D5E55BD4C375D7BC72
                                        SHA-256:842AFB7BB2E4A4A96368CB3CDC6FB6367FEC296E7AB8AB8E67AA3F0D72AAA5AE
                                        SHA-512:51510E8D656A2B7EFB9A91E7DFD33E94AD8806C0F8D0EA86CB5A3329EB0F0A7B60872BC48837A3004BFD66D95CCB43CC4EC8E8F1ED5C8594AA41A7231747EB4B
                                        Malicious:false
                                        Preview:L..................F.... ...........C'TL..................................A....P.O. .:i.....+00.../C:\...................V.1.....DW.r..Windows.@......OwH.X......3........................W.i.n.d.o.w.s.....Z.1......X....System32..B......OwH.X.............................gx.S.y.s.t.e.m.3.2.....b.2......O7I .msiexec.exe.H......O7I.X .....:...........x............m.s.i.e.x.e.c...e.x.e.......N...............-.......M............b.<.....C:\Windows\System32\msiexec.exe....U.n.i.n.s.t.a.l.l.s. .M.o.d.r.i.n.t.h. .A.p.p.".....\.....\.W.i.n.d.o.w.s.\.S.y.s.t.e.m.3.2.\.m.s.i.e.x.e.c...e.x.e.)./.x. .{.6.7.E.3.5.7.7.0.-.3.B.E.7.-.4.9.C.B.-.B.E.1.8.-.C.8.6.2.6.C.E.8.4.6.E.E.}.........%...............wN....]N.D...Q......`.......X.......103386...........hT..CrF.f4... .A.2=.b...,...W..hT..CrF.f4... .A.2=.b...,...W.........A...1SPS.XF.L8C....&.m.%................S.-.1.-.5.-.1.8.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with very long lines (649), with no line terminators
                                        Category:dropped
                                        Size (bytes):649
                                        Entropy (8bit):5.8778862820882924
                                        Encrypted:false
                                        SSDEEP:12:2pRvTdZ+XmGQVQ12RB9I5yIz6yHie4Mvv1RqHrU2/QivcpYKW34m:2pRvE7QVgeI8IocvbwVnvMYKW34m
                                        MD5:D1E008E646A7582CF402263EE9C8C03C
                                        SHA1:D3A550D9BDB0A0EEAEE74C79FCCDF2FD1751BB45
                                        SHA-256:3004CCFE5084A55CA180F29188DD1FB318BC0349E4EA209AC9073393B8575B00
                                        SHA-512:BB98DDF519CBFDD1AE7A5528E21A0DC717B65B3EDAB9D0292490AE719A2934847578931DE243DEB0D78B6C6DEA54AC5FFCE84BB22165079CE506466200D00F47
                                        Malicious:false
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb.....................6......>.... ........@.. .......................@............@....................................K............................ ....................................................... ............... ..H............text...D.... ...................... ..`.sdata.../.......0..................@....rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with very long lines (463), with no line terminators
                                        Category:dropped
                                        Size (bytes):463
                                        Entropy (8bit):5.831807304920588
                                        Encrypted:false
                                        SSDEEP:12:Ar7VH7o+GKIYnLUGr4n6gvtxAdADy2AxahU:WDEXvtxooscU
                                        MD5:F33F62939A7F94E4786BD23F2C020379
                                        SHA1:2111D75725E25479E3E42741ECFD26858C5860CB
                                        SHA-256:52ECB597E4EEC55DA849FB31967B6472549F34DFDBE5AFB46FA87911C7414261
                                        SHA-512:BBB5B1E8CA8058783C5104A3A7A2FBD04DE4F7FEB50F702859BD7728D4CAA2F7C1B241B6414A1EC76A6AB40F08F8072365AF87AECD00EF7234C0392AD541DF0B
                                        Malicious:false
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Apr 23 18:26:12 2024, mtime=Thu Jul 4 18:57:09 2024, atime=Tue Apr 23 18:26:12 2024, length=10292856, window=hide
                                        Category:dropped
                                        Size (bytes):1998
                                        Entropy (8bit):3.643384842255135
                                        Encrypted:false
                                        SSDEEP:24:84dvZp+WKiUARWdRdP+Mhj5uSeImy4Whj5hJnBSyfm:84dvZEWBjAdRdP5CSXmNWr
                                        MD5:7D3E5C34F041EADD63FF5F3BB4D86048
                                        SHA1:1F6DDE95A808FEC4C22D4918FCC1B00B1DEB9B4A
                                        SHA-256:1A6753E1579FC86F7F4E29D8E6DA26F20E9C7055C2E9BB71F126BB4179C81569
                                        SHA-512:96BCCB5DC10BAF5F43AFBA47F057982B003C57EEED5AB57F7532AFC3263EB2CF0453B35C6D238D03C2537467FDF958B4896A41C2A0E65704252362B3FA1BACF1
                                        Malicious:false
                                        Preview:L..................F.@.. ....b.........ZL....b......x............................P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X#.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1......X%...MODRIN~1..J.......X%..X%......=......................?.M.o.d.r.i.n.t.h. .A.p.p.....n.2.x....XF. .MODRIN~1.EXE..R......XF..X%......=........................M.o.d.r.i.n.t.h. .A.p.p...e.x.e.......]...............-.......\............b.<.....C:\Program Files\Modrinth App\Modrinth App.exe....R.u.n.s. .M.o.d.r.i.n.t.h. .A.p.p.=.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.d.r.i.n.t.h. .A.p.p.\.M.o.d.r.i.n.t.h. .A.p.p...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.d.r.i.n.t.h. .A.p.p.\.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.6.7.E.3.5.7.7.0.-.3.B.E.7.-.4.9.C.B.-.B.E.1.8.-.C.8.6.2.6.C.E.8.4.6.E.E.}.\.P.r.o.d.u.c.t.I.c.o.n.........%SystemRoot%\Installer\{67E35770-3BE7-49CB-BE18-C8626CE846EE
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Apr 23 18:26:12 2024, mtime=Thu Jul 4 18:57:09 2024, atime=Tue Apr 23 18:26:12 2024, length=10292856, window=hide
                                        Category:dropped
                                        Size (bytes):1998
                                        Entropy (8bit):3.643384842255135
                                        Encrypted:false
                                        SSDEEP:24:84dvZp+WKiUARWdRdP+Mhj5uSeImy4Whj5hJnBSyfm:84dvZEWBjAdRdP5CSXmNWr
                                        MD5:7D3E5C34F041EADD63FF5F3BB4D86048
                                        SHA1:1F6DDE95A808FEC4C22D4918FCC1B00B1DEB9B4A
                                        SHA-256:1A6753E1579FC86F7F4E29D8E6DA26F20E9C7055C2E9BB71F126BB4179C81569
                                        SHA-512:96BCCB5DC10BAF5F43AFBA47F057982B003C57EEED5AB57F7532AFC3263EB2CF0453B35C6D238D03C2537467FDF958B4896A41C2A0E65704252362B3FA1BACF1
                                        Malicious:false
                                        Preview:L..................F.@.. ....b.........ZL....b......x............................P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X#.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1......X%...MODRIN~1..J.......X%..X%......=......................?.M.o.d.r.i.n.t.h. .A.p.p.....n.2.x....XF. .MODRIN~1.EXE..R......XF..X%......=........................M.o.d.r.i.n.t.h. .A.p.p...e.x.e.......]...............-.......\............b.<.....C:\Program Files\Modrinth App\Modrinth App.exe....R.u.n.s. .M.o.d.r.i.n.t.h. .A.p.p.=.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.d.r.i.n.t.h. .A.p.p.\.M.o.d.r.i.n.t.h. .A.p.p...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.d.r.i.n.t.h. .A.p.p.\.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.6.7.E.3.5.7.7.0.-.3.B.E.7.-.4.9.C.B.-.B.E.1.8.-.C.8.6.2.6.C.E.8.4.6.E.E.}.\.P.r.o.d.u.c.t.I.c.o.n.........%SystemRoot%\Installer\{67E35770-3BE7-49CB-BE18-C8626CE846EE
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Apr 23 18:26:12 2024, mtime=Thu Jul 4 18:57:09 2024, atime=Tue Apr 23 18:26:12 2024, length=10292856, window=hide
                                        Category:dropped
                                        Size (bytes):2087
                                        Entropy (8bit):3.689547928053264
                                        Encrypted:false
                                        SSDEEP:24:84dvZp+WKiUARWdRdP+Mhj5uSeImy4Whj5hJnBxyiEm:84dvZEWBjAdRdP5CSXmNWzE
                                        MD5:2FEB325B555FE16C28376259FDDF6AD7
                                        SHA1:D51239E8F1C6084C1A5CAD9CDC9DC11A83AB02E8
                                        SHA-256:EEEDFCD298AC2D0A814AC25175B87EFAD0495D07D22B221CCA595D7FA37840D4
                                        SHA-512:F5023BB99B42383C1D94EA5DEF5B34F9F4557517F60FDE22BD11711D51D12950CD18C87D97D89FF018C0A10326BD214E69A4F498FA8A4FB1606F9074BBA2014A
                                        Malicious:false
                                        Preview:L..................F.@.. ....b.........ZL....b......x............................P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X#.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1......X%...MODRIN~1..J.......X%..X%......=......................?.M.o.d.r.i.n.t.h. .A.p.p.....n.2.x....XF. .MODRIN~1.EXE..R......XF..X%......=........................M.o.d.r.i.n.t.h. .A.p.p...e.x.e.......]...............-.......\............b.<.....C:\Program Files\Modrinth App\Modrinth App.exe....R.u.n.s. .M.o.d.r.i.n.t.h. .A.p.p.=.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.d.r.i.n.t.h. .A.p.p.\.M.o.d.r.i.n.t.h. .A.p.p...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.d.r.i.n.t.h. .A.p.p.\.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.6.7.E.3.5.7.7.0.-.3.B.E.7.-.4.9.C.B.-.B.E.1.8.-.C.8.6.2.6.C.E.8.4.6.E.E.}.\.P.r.o.d.u.c.t.I.c.o.n.........%SystemRoot%\Installer\{67E35770-3BE7-49CB-BE18-C8626CE846EE
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with very long lines (851), with no line terminators
                                        Category:dropped
                                        Size (bytes):851
                                        Entropy (8bit):5.908973003815525
                                        Encrypted:false
                                        SSDEEP:24:Dob/PWdfN4wMuPJCVK1HeJt917pbTcTB3c9P+gX:DeGBNMVh91lgTB3c5r
                                        MD5:97EC9EE320FDF5A7FD4D3368F8FB9FA0
                                        SHA1:F344C93FA090B40FB338B1D342F7F9D4784100E2
                                        SHA-256:3B64FAAE0C01D9648237567D92210E7288F192DAE5052380EDA2A898A9134BCF
                                        SHA-512:C991BCEE2A835C88328DDB696C937C413B8089511C264B3793A635757B093DAB9A60DE90634EA086BA2D2C14E330A2C170C60211B72E85DE9DFC4F8A9FEA5A48
                                        Malicious:false
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):89
                                        Entropy (8bit):5.370074689461814
                                        Encrypted:false
                                        SSDEEP:3:mRvGDPdtUrj9xwxgSHucw1j9GTsRn:wvHWgXjesRn
                                        MD5:50B574DFB4D035D46157AF0CF9B8F30D
                                        SHA1:37F4FC7A79A1479EF031F63BBC11844341ADE7A6
                                        SHA-256:BE9947B12D15B947BB44BF6EFD5AE3A98CEBF61098719BC461006FD06A1E4F4F
                                        SHA-512:EA822BE4AFB5B04DF030C418115EE93508C1F605B5D430C19D419252506EAF7D41D2D1BE5C44C15994EE480CD4513E3DAE06D13DEDED49BF9116CA9FA53CE1C6
                                        Malicious:false
                                        Preview:eA9uQ0cO8NkqBJcKvWjvnSj9Q7pnXmecBGqK2cFt44Y6uvueUTpWkybLb9dTKy0VsHp4cSRTR01t3nPeMLSD6I2Np
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Tue Apr 23 18:26:12 2024, mtime=Thu Jul 4 18:57:10 2024, atime=Tue Apr 23 18:26:12 2024, length=10292856, window=hide
                                        Category:dropped
                                        Size (bytes):1048
                                        Entropy (8bit):4.650409694961396
                                        Encrypted:false
                                        SSDEEP:12:8Tlca0YXEh91rdpF46/vvCc9zE1+90zKjGEOAjA+Abh+gEQbdp9gEEEXtbdp9gEv:8Adv0+WKiUAVdRdCJnBSyfm
                                        MD5:3F910C7B4A8C6F91091B97A3EEF4A26E
                                        SHA1:9B0C079AAD7BA651E69E2205FE399106514CD3D3
                                        SHA-256:D3C5A6249D75AB2E6A0C54DF5E7AE69C606DEF9FF1CF021BF8CF7C106FFADB7C
                                        SHA-512:F702B6C984557A3D5BBC95329BC9F790B20F5C351ABBACACDEC50D62B0D97248758B716DC3F4AC1C1B2737D5F5C4CF35095BFE351420327C53DAFB8B49ABC931
                                        Malicious:false
                                        Preview:L..................F.... ....b........![L....b......x............................P.O. .:i.....+00.../C:\.....................1......X%...PROGRA~1..t......O.I.X&.....B...............J.......?.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1......X%...MODRIN~1..J.......X%..X&......=......................?.M.o.d.r.i.n.t.h. .A.p.p.....n.2.x....XF. .MODRIN~1.EXE..R......XF..X%......=........................M.o.d.r.i.n.t.h. .A.p.p...e.x.e.......]...............-.......\............b.<.....C:\Program Files\Modrinth App\Modrinth App.exe....R.u.n.s. .M.o.d.r.i.n.t.h. .A.p.p.4.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.d.r.i.n.t.h. .A.p.p.\.M.o.d.r.i.n.t.h. .A.p.p...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.d.r.i.n.t.h. .A.p.p.\.........&................c^...NI..e.2.......`.......X.......103386...........hT..CrF.f4... ...2=.b...,...W..hT..CrF.f4... ...2=.b...,...W.........A...1SPS.XF.L8C....&.m.%................S.-.1.-.5.-.1.8.........9...1SPS..mD..pH.
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1830
                                        Entropy (8bit):5.3661116947161815
                                        Encrypted:false
                                        SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHpHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKktJtpaqZ8
                                        MD5:FE86BB9E3E84E6086797C4D5A9C909F2
                                        SHA1:14605A3EA146BAB4EE536375A445B0214CD40A97
                                        SHA-256:214AB589DBBBE5EC116663F82378BBD6C50DE3F6DD30AB9CF937B9D08DEBE2C6
                                        SHA-512:07EB2B39DA16F130525D40A80508F8633A18491633D41E879C3A490391A6535FF538E4392DA03482D4F8935461CA032BA2B4FB022A74C508B69F395FC2A9C048
                                        Malicious:false
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                        Process:C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
                                        File Type:CSV text
                                        Category:dropped
                                        Size (bytes):1281
                                        Entropy (8bit):5.370111951859942
                                        Encrypted:false
                                        SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                        MD5:12C61586CD59AA6F2A21DF30501F71BD
                                        SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                        SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                        SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                        Malicious:false
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):116144
                                        Entropy (8bit):6.633672738599962
                                        Encrypted:false
                                        SSDEEP:1536:YImZwomOndvrhsgz56GoiFmntw1ebC0fsWk0FlcdOJKJpPpxyNokVbY4:jewOdvregz5L/mxb7FUOsrPpxyN7/
                                        MD5:4FDD16752561CF585FED1506914D73E0
                                        SHA1:F00023B9AE3C8CE5B7BB92F25011EAEBE6F9D424
                                        SHA-256:AECD2D2FE766F6D439ACC2BBF1346930ECC535012CF5AD7B3273D2875237B7E7
                                        SHA-512:3695E7EB1E35EC959243A91AB5B4454EB59AEEF0F2699AA5DE8E03DE8FBB89F756A89130526DA5C08815408CB700284A17936522AD2CAD594C3E6E9D18A3F600
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Joe Sandbox View:
                                        • Filename: BizCloud_3.2.0.2453.msi, Detection: malicious
                                        • Filename: , Detection: malicious
                                        • Filename: , Detection: malicious
                                        • Filename: , Detection: malicious
                                        • Filename: , Detection: malicious
                                        • Filename: EmbravaConnect.msi, Detection: malicious
                                        • Filename: , Detection: malicious
                                        • Filename: , Detection: malicious
                                        • Filename: , Detection: malicious
                                        • Filename: SecuriteInfo.com.Trojan-PSW.Agent.32564.30919.msi, Detection: malicious
                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):216496
                                        Entropy (8bit):6.646208142644182
                                        Encrypted:false
                                        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                        MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Process:C:\Users\user\Desktop\Modrinth.exe
                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Modrinth App, Author: modrinth, Keywords: Installer, Comments: This installer database contains the logic and data required to install Modrinth App., Template: x64;0, Revision Number: {C760B5F9-74CA-4082-83C4-12F6B36A93BB}, Create Time/Date: Tue Apr 23 23:26:10 2024, Last Saved Time/Date: Tue Apr 23 23:26:10 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                        Category:dropped
                                        Size (bytes):5292032
                                        Entropy (8bit):7.946423046698208
                                        Encrypted:false
                                        SSDEEP:98304:fNT+6HE4ThcGalSS9d+udj3mYcCqQcgT3XV8tEbETvsDHaLqV710ZZ9rPzrPW:1/HMlS2JxmYcmcg7XGqb6Msq51GP
                                        MD5:5003486A784143BC96C3577172BBB44A
                                        SHA1:9A960998807126041FAE5B4FE9488D7FF3C5CA42
                                        SHA-256:B1AC36000CEE14B9C36AEA4CEF7F53ED2E7C18C9534B4FF66F07DA11E8C07B59
                                        SHA-512:3FD871414CFFE35AE649DBB02935EDDCAD75EE094F2D61F2CEF48827DFB852FF3B8E4211F913BF65E4619B2A4989A2807D876A920A105735AC3E59362802EE19
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\Modrinth.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):1673866
                                        Entropy (8bit):6.805438665382823
                                        Encrypted:false
                                        SSDEEP:24576:I2G/nvxW3WWQ6KnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U8:IbA3K6KnjTrIrLMBFXc2
                                        MD5:24F86EDBA8782175BB4583A8CA79EA5A
                                        SHA1:B3ACFB862923762902BCCAF7920AFE9E627A4868
                                        SHA-256:17B6CEE122E0E8AEC959B45F83646D5F7E4E2657677ECBB17FFBAAD33D3D5C0B
                                        SHA-512:EC3089F6B115A908EDE383372277BEB36EDDC4DAA1E8E5E66C7EA87F09578937528028F1087F75409E745A905D4DE92E8B3AFB2D51C509B7CC1961713039E417
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 62%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...*...._......._..'...._f.'...._..'...Rich&...................PE..L....._............................@........0....@..........................@............@......................... ...4...T...<....0..H.......................h"......T............................U..@............0..`...... ....................text............................... ..`.rdata.......0......................@..@.data...(7..........................@....didat....... ......................@....rsrc...H....0......................@..@.reloc..h".......$..................@..B........................................................................................................................................................................................................................................
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Modrinth App, Author: modrinth, Keywords: Installer, Comments: This installer database contains the logic and data required to install Modrinth App., Template: x64;0, Revision Number: {C760B5F9-74CA-4082-83C4-12F6B36A93BB}, Create Time/Date: Tue Apr 23 23:26:10 2024, Last Saved Time/Date: Tue Apr 23 23:26:10 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                        Category:dropped
                                        Size (bytes):5292032
                                        Entropy (8bit):7.946423046698208
                                        Encrypted:false
                                        SSDEEP:98304:fNT+6HE4ThcGalSS9d+udj3mYcCqQcgT3XV8tEbETvsDHaLqV710ZZ9rPzrPW:1/HMlS2JxmYcmcg7XGqb6Msq51GP
                                        MD5:5003486A784143BC96C3577172BBB44A
                                        SHA1:9A960998807126041FAE5B4FE9488D7FF3C5CA42
                                        SHA-256:B1AC36000CEE14B9C36AEA4CEF7F53ED2E7C18C9534B4FF66F07DA11E8C07B59
                                        SHA-512:3FD871414CFFE35AE649DBB02935EDDCAD75EE094F2D61F2CEF48827DFB852FF3B8E4211F913BF65E4619B2A4989A2807D876A920A105735AC3E59362802EE19
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Modrinth App, Author: modrinth, Keywords: Installer, Comments: This installer database contains the logic and data required to install Modrinth App., Template: x64;0, Revision Number: {C760B5F9-74CA-4082-83C4-12F6B36A93BB}, Create Time/Date: Tue Apr 23 23:26:10 2024, Last Saved Time/Date: Tue Apr 23 23:26:10 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                        Category:dropped
                                        Size (bytes):5292032
                                        Entropy (8bit):7.946423046698208
                                        Encrypted:false
                                        SSDEEP:98304:fNT+6HE4ThcGalSS9d+udj3mYcCqQcgT3XV8tEbETvsDHaLqV710ZZ9rPzrPW:1/HMlS2JxmYcmcg7XGqb6Msq51GP
                                        MD5:5003486A784143BC96C3577172BBB44A
                                        SHA1:9A960998807126041FAE5B4FE9488D7FF3C5CA42
                                        SHA-256:B1AC36000CEE14B9C36AEA4CEF7F53ED2E7C18C9534B4FF66F07DA11E8C07B59
                                        SHA-512:3FD871414CFFE35AE649DBB02935EDDCAD75EE094F2D61F2CEF48827DFB852FF3B8E4211F913BF65E4619B2A4989A2807D876A920A105735AC3E59362802EE19
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):58349
                                        Entropy (8bit):7.949318610942256
                                        Encrypted:false
                                        SSDEEP:1536:TvL089poXChi+IUEc79w7k/hjM60XPDU6:TvA8PoXCgUEc79k69d0X46
                                        MD5:7BBDD9FC5BFA65689466AE8D51BFDA17
                                        SHA1:46E43729669A19C21C2B32C93943CC887BFFA60D
                                        SHA-256:6EE7E163DCBC4AF63CF1B16656392EE465B5A421D8B63258815D7B75402637C1
                                        SHA-512:BA013CF5EABEF2A601646C5003EBC76D4BA8EE1FD27B89747D51998EFAE048DE9F65EC483CBCDACFACF30D669C42EBAE9BE258B2E5918FBDA22F845C8165CB4D
                                        Malicious:false
                                        Preview:...@IXOS.@.....@%..X.@.....@.....@.....@.....@.....@......&.{67E35770-3BE7-49CB-BE18-C8626CE846EE}..Modrinth App .Modrinth App_0.7.1_x64_en-US.msi.@.....@.....@.....@......ProductIcon..&.{C760B5F9-74CA-4082-83C4-12F6B36A93BB}.....@.....@.....@.....@.......@.....@.....@.......@......Modrinth App......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{2E37D8FF-ECDE-559E-8E0B-74257058D78B}3.21:\Software\modrinth\Modrinth App\Desktop Shortcut.@.......@.....@.....@......&.{A85DF90F-5FA4-530D-9BFA-C33807C29A55}-.21:\Software\modrinth\Modrinth App\InstallDir.@.......@.....@.....@......&.{8FBB1E5B-CACC-5447-BF83-51C73D6B4C3C}..C:\Program Files\Modrinth App\Modrinth App.exe.@.......@.....@.....@......&.{ABDBD5A5-D66D-5E6D-AF6E-CBB2D92B1885}7.21:\Software\modrinth\Modrinth App\Uninstaller Shortcut.@.......@.....@.....@......&.{7D1A1628-06F9-586F-AACD-E5A1ABE59028}+.
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Composite Document File V2 Document, Cannot read section info
                                        Category:dropped
                                        Size (bytes):20480
                                        Entropy (8bit):1.1742184191975515
                                        Encrypted:false
                                        SSDEEP:12:JSbX72Fjt3iAGiLIlHVRpbh/7777777777777777777777777vDHFpjXJBxbOCMV:J7yQI5/bXJa38F
                                        MD5:6A02E3E03583E67B88733232AF04ED65
                                        SHA1:F6B60F93464D7DE2DF4B3385720057C612B94B08
                                        SHA-256:4C45646EED58170A298093C62D8FAF67270ABA0B90BE8C52CFC346CF3DB8E37F
                                        SHA-512:9271501A62F9250F944CBF0B342AF3727403369DB3A860DA2D64B5211DE9DDB2127102D0701BEDBF42A8C0D2DDAC5D789CDBD8CDCD3DF801838DED2AB648F54E
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Composite Document File V2 Document, Cannot read section info
                                        Category:dropped
                                        Size (bytes):20480
                                        Entropy (8bit):1.5440065349215792
                                        Encrypted:false
                                        SSDEEP:48:q8PhFuRc06WX44FT5hZWWMduF6AdyS5lxPKdySIlNpXs:1hF1IFT5WWt6WDi
                                        MD5:2C2CD40B97D12C6B6A2B5BFB5735929F
                                        SHA1:1DF99EFB3E255F55CFB373C5C067AECED8378F4C
                                        SHA-256:1BDA0C54720A53FE80F7FF4B59A03619A7CE3017775AB0969279D1F66900AAFB
                                        SHA-512:C1481EFDC98269FA776552E312C62CAD21769C6B3F4F175FD21AEF4F87E93F0E158F31B99376F9B0EA4F7EDB9F8216B47DDF9DAF7E9CEF2ADFF4F86AC49B3639
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:MS Windows icon resource - 6 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                        Category:dropped
                                        Size (bytes):53242
                                        Entropy (8bit):7.985318909302482
                                        Encrypted:false
                                        SSDEEP:768:sUvL0bomOt4coXNYhi/Qp7WwIxfSQCADo7y4w9ZjLtC+F7g/hcSAzG90d1nP/m:pvL089poXChi+IUEc79w7k/hjM60XPu
                                        MD5:97D81CB0E98D22BB7992FD673BB65C4F
                                        SHA1:F5A3E4AFBDFCE7880B3AA373990D5EBC361C4CBA
                                        SHA-256:26F91F63041A4CA7F5889FB87C087C6A8C432EFE35BDFA910D43DB971839A0E7
                                        SHA-512:1C9AD54FD074BF41B9D06607BA4E28BFA4F3A14B0DED7A5B177B2673336DFE21194577F5BD1A83A2396FDD97D57628070CEE556CA579A1EF8FE6BEBABF5B31E5
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):364484
                                        Entropy (8bit):5.365496739414871
                                        Encrypted:false
                                        SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaub:zTtbmkExhMJCIpE4
                                        MD5:C960957701619E19A2D790A845549A40
                                        SHA1:E99FD79D2E3BBE3A93426CC15E78537013FA3C25
                                        SHA-256:6EEA2DC5B051669B04F60EF2A091A2AEB9CA9CF8859CEA1F00618447EC8F668F
                                        SHA-512:58216E58FBEB56432AA4BA01692C14B0300E55C1F2A33120F9F75A2DA6E7905FADF27D016566E64672A7FD6F5CB722C54C60E7996537512CAF96B46A4D8C96E7
                                        Malicious:false
                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):512
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3::
                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Composite Document File V2 Document, Cannot read section info
                                        Category:dropped
                                        Size (bytes):32768
                                        Entropy (8bit):1.2372449198440152
                                        Encrypted:false
                                        SSDEEP:48:H+9uaO+xFX49T5NuZWWMduF6AdyS5lxPKdySIlNpXs:e93eTsWWt6WDi
                                        MD5:BCF51C277674F3EB357B26D14F40EAFB
                                        SHA1:00B6DA87B0A41B2017E8D38DEB3B708B1C61A1A8
                                        SHA-256:31B5B0FB96D7B8833170FECA157AFA7748A339297793F7DD059414BA4EFD4B2C
                                        SHA-512:C9BAAE95A9202A7AA2661D08E57CA75CEFE244CC78B0563BC429089FE321FBF02AA0FFECC4E91719020467127CEB8F5F2D3F97D0A886C4D7F30D50281810B694
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):512
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3::
                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Composite Document File V2 Document, Cannot read section info
                                        Category:dropped
                                        Size (bytes):32768
                                        Entropy (8bit):1.2372449198440152
                                        Encrypted:false
                                        SSDEEP:48:H+9uaO+xFX49T5NuZWWMduF6AdyS5lxPKdySIlNpXs:e93eTsWWt6WDi
                                        MD5:BCF51C277674F3EB357B26D14F40EAFB
                                        SHA1:00B6DA87B0A41B2017E8D38DEB3B708B1C61A1A8
                                        SHA-256:31B5B0FB96D7B8833170FECA157AFA7748A339297793F7DD059414BA4EFD4B2C
                                        SHA-512:C9BAAE95A9202A7AA2661D08E57CA75CEFE244CC78B0563BC429089FE321FBF02AA0FFECC4E91719020467127CEB8F5F2D3F97D0A886C4D7F30D50281810B694
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Composite Document File V2 Document, Cannot read section info
                                        Category:dropped
                                        Size (bytes):20480
                                        Entropy (8bit):1.5440065349215792
                                        Encrypted:false
                                        SSDEEP:48:q8PhFuRc06WX44FT5hZWWMduF6AdyS5lxPKdySIlNpXs:1hF1IFT5WWt6WDi
                                        MD5:2C2CD40B97D12C6B6A2B5BFB5735929F
                                        SHA1:1DF99EFB3E255F55CFB373C5C067AECED8378F4C
                                        SHA-256:1BDA0C54720A53FE80F7FF4B59A03619A7CE3017775AB0969279D1F66900AAFB
                                        SHA-512:C1481EFDC98269FA776552E312C62CAD21769C6B3F4F175FD21AEF4F87E93F0E158F31B99376F9B0EA4F7EDB9F8216B47DDF9DAF7E9CEF2ADFF4F86AC49B3639
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Composite Document File V2 Document, Cannot read section info
                                        Category:dropped
                                        Size (bytes):32768
                                        Entropy (8bit):1.2372449198440152
                                        Encrypted:false
                                        SSDEEP:48:H+9uaO+xFX49T5NuZWWMduF6AdyS5lxPKdySIlNpXs:e93eTsWWt6WDi
                                        MD5:BCF51C277674F3EB357B26D14F40EAFB
                                        SHA1:00B6DA87B0A41B2017E8D38DEB3B708B1C61A1A8
                                        SHA-256:31B5B0FB96D7B8833170FECA157AFA7748A339297793F7DD059414BA4EFD4B2C
                                        SHA-512:C9BAAE95A9202A7AA2661D08E57CA75CEFE244CC78B0563BC429089FE321FBF02AA0FFECC4E91719020467127CEB8F5F2D3F97D0A886C4D7F30D50281810B694
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):32768
                                        Entropy (8bit):0.0792217144677373
                                        Encrypted:false
                                        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOpLPEeJJE/sAAbhsIXIVky6lMt/:2F0i8n0itFzDHFpjXJBxbOCM1
                                        MD5:0E9565C889C066B7F70CA27CC0876969
                                        SHA1:76233AF764036360D84050BE2E77BE3F19E69666
                                        SHA-256:207322B246ECB9DCF7237E8C34CBE6E3A009A45B54CA49568E6EDD1CC6B1876F
                                        SHA-512:FA98AA86B741BDB08A5AD7F8B191031AAEB9BEF7CBDEDA8D34CFBBC845A2F33DBD3C6DEC835C6A878EA7DE9FA7DC8792CDB8AAD225B8FD4F12A5AA6457D2162E
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:Composite Document File V2 Document, Cannot read section info
                                        Category:dropped
                                        Size (bytes):20480
                                        Entropy (8bit):1.5440065349215792
                                        Encrypted:false
                                        SSDEEP:48:q8PhFuRc06WX44FT5hZWWMduF6AdyS5lxPKdySIlNpXs:1hF1IFT5WWt6WDi
                                        MD5:2C2CD40B97D12C6B6A2B5BFB5735929F
                                        SHA1:1DF99EFB3E255F55CFB373C5C067AECED8378F4C
                                        SHA-256:1BDA0C54720A53FE80F7FF4B59A03619A7CE3017775AB0969279D1F66900AAFB
                                        SHA-512:C1481EFDC98269FA776552E312C62CAD21769C6B3F4F175FD21AEF4F87E93F0E158F31B99376F9B0EA4F7EDB9F8216B47DDF9DAF7E9CEF2ADFF4F86AC49B3639
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):512
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3::
                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):512
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3::
                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):69632
                                        Entropy (8bit):0.1347678708137816
                                        Encrypted:false
                                        SSDEEP:24:ivlNpkEsh+dyipVs+duTpAdWmgdyipV7VQwGQKSxkW+a+woSZ:qlNpXsIdySFduF6AdyS5lxPFWSZ
                                        MD5:A173986365D338A5DEC06AAE4EF26143
                                        SHA1:105C5BCF7D7AF78860D17DDD7B15B4C8DD7AC691
                                        SHA-256:7BDD033538E8C774443863D0BA1BE54D6531DC62B4CBF054676B1305C69BBE01
                                        SHA-512:458718D0464169C6701732FB6CE623379F62D59BC59DCBB13235CFE72BF3555AF11D86EA04F14032749C1492E339F88129F54C801AE8F3D4099AA86D5F9E8157
                                        Malicious:false
                                        Process:C:\Windows\System32\msiexec.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):512
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3::
                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                        Malicious:false
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with very long lines (954), with no line terminators
                                        Category:dropped
                                        Size (bytes):954
                                        Entropy (8bit):5.901312532692148
                                        Encrypted:false
                                        SSDEEP:24:BzxGCNvMI7yHBWmlS4rs34gIMNBxTzLUcOCoH6:d78H4mlSCs3IGTF
                                        MD5:21B62687BC34AA1CF3D7F3C03D59D4D7
                                        SHA1:4A006E7C3E5962EBDB5EA58AFC625B877959F09E
                                        SHA-256:E7C14B43FE98F623440D519A368F95EB04808293E86385FA241A21E70F38C307
                                        SHA-512:AAC343D3110CF474B9DDC1B66DB8B38299A9CCF8518921F79D8D6505CB6B5ADF784EBFC122295BD9A9236646B48563D751BE6F0B4D33FE20705F3D0422164B9C
                                        Malicious:false
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with very long lines (664), with no line terminators
                                        Category:dropped
                                        Size (bytes):664
                                        Entropy (8bit):5.879465257741132
                                        Encrypted:false
                                        SSDEEP:12:Ch7x5wVXB8GHUtM+7eLEbSdKtV4mYKMhB4mvo/8cSCgKlF2QmuI:CRKB8GHUtMvAWktCfDolrF2QmuI
                                        MD5:E838D8B3557A5596A5D6AFB3389872EC
                                        SHA1:A8DD36F39349BA7BCA99F904A86172DF0F564A76
                                        SHA-256:93891ECE55D31597B1A9DA0AF3341D1C5BADB6C1E5CB15D2CA5B0492BB07D6F1
                                        SHA-512:46F653C6DF0E292630108E8574C5F6BCBAB29537CAC94AD45B945382E2C920A57B1E2360C885FC815DAFB61CB508FB2D9331A082EAE84E355999BA7708AEB324
                                        Malicious:false
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):117
                                        Entropy (8bit):5.569398912672598
                                        Encrypted:false
                                        SSDEEP:3:agRa2ue8P9qNgAi3Ljkhs0GVPdXVAV3UL1ar62Yz8w3Bw3AR:rc2PeKAsGrlCUL1arEow3gAR
                                        MD5:E93538331B62759AE17FA82B8A65BC37
                                        SHA1:6EAD07A43C63B6EFFCE3D28A06AE8A24F4ED0469
                                        SHA-256:B8072F95B8E74EB2F014912DD1555A808BD91E7438C20216F25AEFCCE17A0DB0
                                        SHA-512:32F1EFAF5BEEC10E905114528D5C87376123F1C28DD2D06FF96A30C3372A88E70C1CA984F2CBBD8E264E051020A43F53DEE30FE82F5467FF8705D4D6238B43FD
                                        Malicious:false
                                        Preview:0BCCWEt6sSxu8G9gxYjOcO8jYTeRwp0ZnYWJPBkDJQ7M5IBpjiQnoXolDdoCjbKCbXHkt0RvyfFLQwnPSzrNYNvQtvFvXherF4vhBa6tRfzIRdUR0Yuut
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:ASCII text, with very long lines (884), with no line terminators
                                        Category:dropped
                                        Size (bytes):884
                                        Entropy (8bit):5.893529056737155
                                        Encrypted:false
                                        SSDEEP:24:8CEwiBQo5JODV0erItj2PkFoHUovlN2NPARA9kolJz8c:xmBQQODVWtxcRm39FF8c
                                        MD5:7C23886BCEDAC3F467AABA61E13D34EB
                                        SHA1:658431BECC096F0DB83EBC83064034CD9D0175C4
                                        SHA-256:5C337F1C4EB2FAB13D4C1ED8B6FD550EEC839A2518ED21C5284D847493127DC9
                                        SHA-512:54AA2B23FF9669BFC1F3D7C278CEA0FB38EF19738DBE1A0C57F57EF62D24122B8C89984DD47D85CCA1C852E1C4560C9272E4175FAD2A153B50FA127F9039FFBA
                                        Malicious:false
                                        Process:C:\Users\user\AppData\Local\Temp\Modrinth.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\Users\user\AppData\Local\Temp\Modrinth.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):47
                                        Entropy (8bit):4.1187602675209565
                                        Encrypted:false
                                        SSDEEP:3:I51WLKBATG5uLe4AH:IzWVjSNH
                                        MD5:FF5C5922FCE8AEF2B2169426DE756ECC
                                        SHA1:1BB7F0446529C29BAE7CBF2F69F7038174DC82DC
                                        SHA-256:30C583F42F076C1308BB0E98D1614C3ADA94B7C3415413B4ACA3A23D1FD3A171
                                        SHA-512:4415CA2688F2451FB359BCA04427CAF647C9724DB1F2738CCB280DE5716262358E58BF6AAB317D30504FD34D10528D57F08214A0A974C059F7A2A38CC80CFE61
                                        Malicious:false
                                        Preview:"C:\intosessionperfcrtSvc\Componentwebfont.exe"
                                        Process:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1229312
                                        Entropy (8bit):6.925393739149001
                                        Encrypted:false
                                        SSDEEP:24576:UKnjvPHZThrFbOO2mpYXU65cVoh/IPj2UFBF3Lju7HreWL6U:UKnjTrIrLMBFXc
                                        MD5:4830C66C5387BFAA6373A25814227C96
                                        SHA1:078B04372A13022208DFE05E40377E76B03FC3E2
                                        SHA-256:B9BF137B0CA0AA62F1BDF06327B54D32E26E51B821FA812F5121E8918186FC7F
                                        SHA-512:ED42CE5FAD26561ED76C181BEAC01BBC0C9D88EA631E6AF6920C04115887E24C8261658842FC3A8CFB9294B86A7008493D9F9C11A72908ABC95AF48B58F0D5EB
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 88%
                                        Process:C:\Users\user\AppData\Local\Temp\Modrinth.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):223
                                        Entropy (8bit):5.870908169555024
                                        Encrypted:false
                                        SSDEEP:6:GXkgwqK+NkLzWbH9WF08nZNDd3RL1wQJRu3MXf2YtM6JNltu:GXkBMCzWL74d3XBJM36xtrltu
                                        MD5:F2015B7ECF00BD67C413B1C7CF459BEB
                                        SHA1:C76006F8D6E51A4BA90DBDC718838DF74CE98785
                                        SHA-256:CDDDDDA87B944983EDBF6CD8594665F18C81FAB3605334F569A9185EE06A5E46
                                        SHA-512:D37AAEAD1A61F22F92B0725F380FF94E2FE17D41BF15EF0C65388E77D10A806A4B411DF1E8B38857736E6F37E12F10EA6CB48361FEE8086050D1D15100BDB24D
                                        Malicious:false
                                        Preview:#@~^xgAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v*T!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~J;lJkUDWk+/kkKUw.DWmMYj-1zp7B.XSHT([jo|\(G&-%7HBNO4R(lOEBP!S~6ls/.RkAAAA==^#~@.
                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Entropy (8bit):7.733028007359717
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.94%
                                        • Win32 Executable (generic) a (10002005/4) 49.89%
                                        • Win32 Executable Delphi generic (14689/80) 0.07%
                                        • Windows Screen Saver (13104/52) 0.07%
                                        • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                        File name:Modrinth.exe
                                        File size:7'141'376 bytes
                                        MD5:21cad48edbc93da2d1e1ab6f6632461a
                                        SHA1:667a584eae5a57937d66d64249c26c8b1b2abf8f
                                        SHA256:32619382ab72416dff258bff30a8b505d6e69e818345612892a121c28f3b23b0
                                        SHA512:9125263a9b31336d350e19f9c79460038f7a6c48db109001e93fd8d7e8aba30c3bf44a362c4f3ee87294d3cf9052cbc8d7da518d34356212cb6f914a9990a21d
                                        SSDEEP:196608:UQKQUc/HMlS2JxmYcmcg7XGqb6Msq51GPo:XKwslSDVoXGe1GQ
                                        TLSH:F676E0037F538F31F0151F3282FA47007764AC103679B61B6AAB3669D9F1FD229296DA
                                        Icon Hash:71cc8a98dccedc31
                                        Entrypoint:0x4020cc
                                        Entrypoint Section:CODE
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                        DLL Characteristics:
                                        Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:d59a4a699610169663a929d37c90be43
                                        Instruction
                                        push ebp
                                        mov ebp, esp
                                        mov ecx, 0000000Ch
                                        push 00000000h
                                        push 00000000h
                                        dec ecx
                                        jne 00007FAF487DED1Bh
                                        push ecx
                                        push ebx
                                        push esi
                                        push edi
                                        mov eax, 0040209Ch
                                        call 00007FAF487DE790h
                                        xor eax, eax
                                        push ebp
                                        push 00402361h
                                        push dword ptr fs:[eax]
                                        mov dword ptr fs:[eax], esp
                                        lea edx, dword ptr [ebp-14h]
                                        mov eax, 00402378h
                                        call 00007FAF487DEB69h
                                        mov eax, dword ptr [ebp-14h]
                                        call 00007FAF487DEC39h
                                        mov edi, eax
                                        test edi, edi
                                        jng 00007FAF487DEF56h
                                        mov ebx, 00000001h
                                        lea edx, dword ptr [ebp-20h]
                                        mov eax, ebx
                                        call 00007FAF487DEBF8h
                                        mov ecx, dword ptr [ebp-20h]
                                        lea eax, dword ptr [ebp-1Ch]
                                        mov edx, 00402384h
                                        call 00007FAF487DE388h
                                        mov eax, dword ptr [ebp-1Ch]
                                        lea edx, dword ptr [ebp-18h]
                                        call 00007FAF487DEB2Dh
                                        mov edx, dword ptr [ebp-18h]
                                        mov eax, 00404680h
                                        call 00007FAF487DE260h
                                        lea edx, dword ptr [ebp-2Ch]
                                        mov eax, ebx
                                        call 00007FAF487DEBC6h
                                        mov ecx, dword ptr [ebp-2Ch]
                                        lea eax, dword ptr [ebp-28h]
                                        mov edx, 00402390h
                                        call 00007FAF487DE356h
                                        mov eax, dword ptr [ebp-28h]
                                        lea edx, dword ptr [ebp-24h]
                                        call 00007FAF487DEAFBh
                                        mov edx, dword ptr [ebp-24h]
                                        mov eax, 00404684h
                                        call 00007FAF487DE22Eh
                                        lea edx, dword ptr [ebp-38h]
                                        mov eax, ebx
                                        call 00007FAF487DEB94h
                                        mov ecx, dword ptr [ebp-38h]
                                        lea eax, dword ptr [ebp-34h]
                                        mov edx, 0040239Ch

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5000 | 0x302 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9000 | 0x6cd568 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8000 | 0x1c8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x7000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x13b8 | 0x1400 | e5913936857bed3b3b2fbac53e973471 | False | 0.6318359375 | data | 6.340990548290613 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x3000 | 0x7c | 0x200 | cef89de607e490725490a3cd679af6bb | False | 0.162109375 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 4230400 | 1.1176271682252383 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x4000 | 0x695 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x5000 | 0x302 | 0x400 | 3d2f2fc4e279cba623217ec9de264c4f | False | 0.3876953125 | data | 3.47731642923935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x6000 | 0x4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x7000 | 0x18 | 0x200 | 467f29e48f3451df774e13adae5aafc2 | False | 0.05078125 | data | 0.1991075177871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0x8000 | 0x1c8 | 0x200 | 9859d413c7408cb699cca05d648c2502 | False | 0.876953125 | data | 5.7832974211095225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0x9000 | 0x6cd568 | 0x6cd600 | 174c984c520d2321c7da9c5e1eab1be6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x9338 | 0x28708 | Device independent bitmap graphic, 200 x 400 x 32, image size 160000 | | | 0.04589471142236175
RT_RCDATA | 0x31a40 | 0x198a8a | PE32 executable (GUI) Intel 80386, for MS Windows | | | 0.4110746383666992
RT_RCDATA | 0x1ca4cc | 0x50c000 | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Modrinth App, Author: modrinth, Keywords: Installer, Comments: This installer database contains the logic and data required to install Modrinth App., Template: x64;0, Revision Number: {C760B5F9-74CA-4082-83C4-12F6B36A93BB}, Create Time/Date: Tue Apr 23 23:26:10 2024, Last Saved Time/Date: Tue Apr 23 23:26:10 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2 | | | 0.9872808456420898
RT_RCDATA | 0x6d64cc | 0xc | ASCII text, with no line terminators | | | 1.6666666666666667
RT_RCDATA | 0x6d64d8 | 0x20 | ASCII text, with no line terminators | | | 1.25
RT_RCDATA | 0x6d64f8 | 0x1 | very short file (no magic) | | | 9.0
RT_RCDATA | 0x6d64fc | 0x1 | very short file (no magic) | | | 9.0
RT_RCDATA | 0x6d6500 | 0x1 | very short file (no magic) | | | 9.0
RT_RCDATA | 0x6d6504 | 0x1 | very short file (no magic) | | | 9.0
RT_RCDATA | 0x6d6508 | 0x10 | data | | | 1.5
RT_RCDATA | 0x6d6518 | 0x1 | very short file (no magic) | | | 9.0
RT_RCDATA | 0x6d651c | 0x38 | data | | | 1.0714285714285714
RT_GROUP_ICON | 0x6d6554 | 0x14 | data | | | 1.25

DLL | Import
kernel32.dll | GetCurrentThreadId, SetCurrentDirectoryA, GetCurrentDirectoryA, ExitProcess, RtlUnwind, RaiseException, TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, FreeLibrary, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap
kernel32.dll | WriteFile, SizeofResource, SetFilePointer, LockResource, LoadResource, GetWindowsDirectoryA, GetTempPathA, GetSystemDirectoryA, FreeResource, FindResourceA, CreateFileA, CloseHandle
shfolder.dll | SHGetFolderPathA
shell32.dll | ShellExecuteA

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
07/04/24-21:58:14.578787 | TCP | 2850862 | ETPRO TROJAN DCRat Initial Checkin Server Response M4 | 80 | 49769 | 92.53.96.121 | 192.168.2.5
07/04/24-21:57:14.997261 | TCP | 2850862 | ETPRO TROJAN DCRat Initial Checkin Server Response M4 | 80 | 49706 | 92.53.96.121 | 192.168.2.5

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 4, 2024 21:57:19.960221052 CEST | 64043 | 53 | 192.168.2.5 | 1.1.1.1
Jul 4, 2024 21:57:19.960329056 CEST | 50099 | 53 | 192.168.2.5 | 1.1.1.1
Jul 4, 2024 21:57:19.960582972 CEST | 54130 | 53 | 192.168.2.5 | 1.1.1.1
Jul 4, 2024 21:57:19.960772991 CEST | 56408 | 53 | 192.168.2.5 | 1.1.1.1
Jul 4, 2024 21:57:19.968297958 CEST | 53 | 56408 | 1.1.1.1 | 192.168.2.5
Jul 4, 2024 21:57:19.968791008 CEST | 53 | 64043 | 1.1.1.1 | 192.168.2.5
Jul 4, 2024 21:57:19.969294071 CEST | 53 | 50099 | 1.1.1.1 | 192.168.2.5
Jul 4, 2024 21:57:19.974505901 CEST | 53 | 54130 | 1.1.1.1 | 192.168.2.5
Jul 4, 2024 21:57:21.575711966 CEST | 58862 | 53 | 192.168.2.5 | 1.1.1.1
Jul 4, 2024 21:57:21.575891972 CEST | 65090 | 53 | 192.168.2.5 | 1.1.1.1
Jul 4, 2024 21:57:21.576108932 CEST | 56587 | 53 | 192.168.2.5 | 1.1.1.1
Jul 4, 2024 21:57:21.576402903 CEST | 57008 | 53 | 192.168.2.5 | 1.1.1.1
Jul 4, 2024 21:57:21.583301067 CEST | 53 | 56587 | 1.1.1.1 | 192.168.2.5
Jul 4, 2024 21:57:21.583487034 CEST | 53 | 65090 | 1.1.1.1 | 192.168.2.5
Jul 4, 2024 21:57:21.583502054 CEST | 53 | 58862 | 1.1.1.1 | 192.168.2.5
Jul 4, 2024 21:57:21.583513021 CEST | 53 | 57008 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 4, 2024 21:57:19.960221052 CEST | 192.168.2.5 | 1.1.1.1 | 0x940 | Standard query (0) | cdn-raw.modrinth.com | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:19.960329056 CEST | 192.168.2.5 | 1.1.1.1 | 0x5ce4 | Standard query (0) | cdn-raw.modrinth.com | 65 | IN (0x0001) | false
Jul 4, 2024 21:57:19.960582972 CEST | 192.168.2.5 | 1.1.1.1 | 0xaaa3 | Standard query (0) | cdn.modrinth.com | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:19.960772991 CEST | 192.168.2.5 | 1.1.1.1 | 0xbe5f | Standard query (0) | cdn.modrinth.com | 65 | IN (0x0001) | false
Jul 4, 2024 21:57:21.575711966 CEST | 192.168.2.5 | 1.1.1.1 | 0xc5cc | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:21.575891972 CEST | 192.168.2.5 | 1.1.1.1 | 0x93ea | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Jul 4, 2024 21:57:21.576108932 CEST | 192.168.2.5 | 1.1.1.1 | 0xdeef | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:21.576402903 CEST | 192.168.2.5 | 1.1.1.1 | 0xbdbd | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 4, 2024 21:57:19.968297958 CEST | 1.1.1.1 | 192.168.2.5 | 0xbe5f | No error (0) | cdn.modrinth.com | | | 65 | IN (0x0001) | false
Jul 4, 2024 21:57:19.968791008 CEST | 1.1.1.1 | 192.168.2.5 | 0x940 | No error (0) | cdn-raw.modrinth.com | | 104.18.23.35 | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:19.968791008 CEST | 1.1.1.1 | 192.168.2.5 | 0x940 | No error (0) | cdn-raw.modrinth.com | | 104.18.22.35 | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:19.969294071 CEST | 1.1.1.1 | 192.168.2.5 | 0x5ce4 | No error (0) | cdn-raw.modrinth.com | | | 65 | IN (0x0001) | false
Jul 4, 2024 21:57:19.974505901 CEST | 1.1.1.1 | 192.168.2.5 | 0xaaa3 | No error (0) | cdn.modrinth.com | | 104.18.22.35 | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:19.974505901 CEST | 1.1.1.1 | 192.168.2.5 | 0xaaa3 | No error (0) | cdn.modrinth.com | | 104.18.23.35 | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:21.583301067 CEST | 1.1.1.1 | 192.168.2.5 | 0xdeef | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:21.583301067 CEST | 1.1.1.1 | 192.168.2.5 | 0xdeef | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:21.583487034 CEST | 1.1.1.1 | 192.168.2.5 | 0x93ea | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Jul 4, 2024 21:57:21.583502054 CEST | 1.1.1.1 | 192.168.2.5 | 0xc5cc | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:21.583502054 CEST | 1.1.1.1 | 192.168.2.5 | 0xc5cc | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Jul 4, 2024 21:57:21.583513021 CEST | 1.1.1.1 | 192.168.2.5 | 0xbdbd | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false


                                        Target ID:0
                                        Start time:15:56:56
                                        Start date:04/07/2024
                                        Path:C:\Users\user\Desktop\Modrinth.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Modrinth.exe"
                                        Imagebase:0x400000
                                        File size:7'141'376 bytes
                                        MD5 hash:21CAD48EDBC93DA2D1E1AB6F6632461A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:2
                                        Start time:15:56:57
                                        Start date:04/07/2024
                                        Path:C:\Users\user\AppData\Local\Temp\Modrinth.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Local\Temp\Modrinth.exe"
                                        Imagebase:0x260000
                                        File size:1'673'866 bytes
                                        MD5 hash:24F86EDBA8782175BB4583A8CA79EA5A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Antivirus matches:
                                        • Detection: 100%, Avira
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 62%, ReversingLabs
                                        Reputation:low
                                        Has exited:true

                                        Target ID:3
                                        Start time:15:56:58
                                        Start date:04/07/2024
                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Modrinth App_0.7.1_x64_en-US.msi"
                                        Imagebase:0xdb0000
                                        File size:59'904 bytes
                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:4
                                        Start time:15:56:58
                                        Start date:04/07/2024
                                        Path:C:\Windows\SysWOW64\wscript.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\intosessionperfcrtSvc\x6qhfc.vbe"
                                        Imagebase:0x720000
                                        File size:147'456 bytes
                                        MD5 hash:FF00E0480075B095948000BDC66E81F0
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:5
                                        Start time:15:56:58
                                        Start date:04/07/2024
                                        Path:C:\Windows\System32\msiexec.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                        Imagebase:0x7ff7fbc70000
                                        File size:69'632 bytes
                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Target ID:6
                                        Start time:15:57:03
                                        Start date:04/07/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\intosessionperfcrtSvc\QvJVxLMgIdUXKZXo3vjvMJd9h.bat" "
                                        Imagebase:0x790000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:7
                                        Start time:15:57:03
                                        Start date:04/07/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff6d64d0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:8
                                        Start time:15:57:03
                                        Start date:04/07/2024
                                        Path:C:\intosessionperfcrtSvc\Componentwebfont.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\intosessionperfcrtSvc\Componentwebfont.exe"
                                        Imagebase:0xd90000
                                        File size:1'229'312 bytes
                                        MD5 hash:4830C66C5387BFAA6373A25814227C96
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.2120796404.000000000381D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.2120796404.0000000003361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.2123867809.000000001336F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 88%, ReversingLabs
                                        Reputation:low
                                        Has exited:true

                                        Target ID:9
                                        Start time:15:57:04
                                        Start date:04/07/2024
                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E9350FF13617C2EDECFDC599F293255F C
                                        Imagebase:0xdb0000
                                        File size:59'904 bytes
                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:39
                                        Start time:15:57:06
                                        Start date:04/07/2024
                                        Path:C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
                                        Imagebase:0xcf0000
                                        File size:1'229'312 bytes
                                        MD5 hash:4830C66C5387BFAA6373A25814227C96
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000027.00000002.2226297047.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 88%, ReversingLabs
                                        Reputation:low
                                        Has exited:true

                                        Target ID:40
                                        Start time:15:57:06
                                        Start date:04/07/2024
                                        Path:C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
                                        Imagebase:0xe60000
                                        File size:1'229'312 bytes
                                        MD5 hash:4830C66C5387BFAA6373A25814227C96
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000028.00000002.2226399767.0000000003231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000028.00000002.2226399767.000000000326E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true


                                          Execution Graph

                                          Execution Coverage:9.6%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:9.3%
                                          Total number of Nodes:1460
                                          Total number of Limit Nodes:25
24791 269bcd GetLastError 24790->24791 24791->24789 24792->24790 24816 27e4a2 38 API calls 2 library calls 24817 2696a0 79 API calls 24863 28e9a0 51 API calls 24821 2876bd 52 API calls 2 library calls 24822 2616b0 84 API calls 22939 2890b0 22947 28a56f 22939->22947 22941 2890c4 22944 2890cc 22945 2890d9 22944->22945 22955 2890e0 11 API calls 22944->22955 22956 28a458 22947->22956 22950 28a5ae TlsAlloc 22951 28a59f 22950->22951 22963 27ec4a 22951->22963 22953 2890ba 22953->22941 22954 289029 20 API calls 3 library calls 22953->22954 22954->22944 22955->22941 22957 28a488 22956->22957 22960 28a484 22956->22960 22957->22950 22957->22951 22958 28a4a8 22958->22957 22961 28a4b4 GetProcAddress 22958->22961 22960->22957 22960->22958 22970 28a4f4 22960->22970 22962 28a4c4 __crt_fast_encode_pointer 22961->22962 22962->22957 22964 27ec55 IsProcessorFeaturePresent 22963->22964 22965 27ec53 22963->22965 22967 27f267 22964->22967 22965->22953 22977 27f22b SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 22967->22977 22969 27f34a 22969->22953 22971 28a515 LoadLibraryExW 22970->22971 22972 28a50a 22970->22972 22973 28a54a 22971->22973 22974 28a532 GetLastError 22971->22974 22972->22960 22973->22972 22976 28a561 FreeLibrary 22973->22976 22974->22973 22975 28a53d LoadLibraryExW 22974->22975 22975->22973 22976->22972 22977->22969 22978 28a3b0 22979 28a3bb 22978->22979 22981 28a3e4 22979->22981 22982 28a3e0 22979->22982 22984 28a6ca 22979->22984 22991 28a410 DeleteCriticalSection 22981->22991 22985 28a458 _abort 5 API calls 22984->22985 22986 28a6f1 22985->22986 22987 28a70f InitializeCriticalSectionAndSpinCount 22986->22987 22990 28a6fa 22986->22990 22987->22990 22988 27ec4a _ValidateLocalCookies 5 API calls 22989 28a726 22988->22989 22989->22979 22990->22988 22991->22982 24823 281eb0 6 API calls 3 library calls 24867 2879b7 55 API calls _free 22994 261385 82 API calls 3 library calls 24869 285780 QueryPerformanceFrequency 
QueryPerformanceCounter 23259 27d997 23260 27d89b 23259->23260 23261 27df59 ___delayLoadHelper2@8 19 API calls 23260->23261 23261->23260 23263 27d891 19 API calls ___delayLoadHelper2@8 24826 277090 114 API calls 24827 27cc90 70 API calls 24870 27a990 97 API calls 24871 279b90 GdipCloneImage GdipAlloc 24872 289b90 21 API calls 2 library calls 24829 27a89d 78 API calls 24830 26ea98 FreeLibrary 24873 282397 48 API calls 23270 27aee0 23271 27aeea __EH_prolog 23270->23271 23433 26130b 23271->23433 23274 27af2c 23278 27afa2 23274->23278 23279 27af39 23274->23279 23335 27af18 23274->23335 23275 27b5cb 23508 27cd2e 23275->23508 23282 27b041 GetDlgItemTextW 23278->23282 23288 27afbc 23278->23288 23283 27af75 23279->23283 23284 27af3e 23279->23284 23280 27b5f7 23286 27b611 GetDlgItem SendMessageW 23280->23286 23287 27b600 SendDlgItemMessageW 23280->23287 23281 27b5e9 SendMessageW 23281->23280 23282->23283 23285 27b077 23282->23285 23290 27af96 KiUserCallbackDispatcher 23283->23290 23283->23335 23289 26ddd1 53 API calls 23284->23289 23284->23335 23291 27b08f GetDlgItem 23285->23291 23431 27b080 23285->23431 23526 279da4 GetCurrentDirectoryW 23286->23526 23287->23286 23293 26ddd1 53 API calls 23288->23293 23294 27af58 23289->23294 23290->23335 23296 27b0c5 SetFocus 23291->23296 23297 27b0a4 SendMessageW SendMessageW 23291->23297 23298 27afde SetDlgItemTextW 23293->23298 23546 261241 SHGetMalloc 23294->23546 23295 27b641 GetDlgItem 23301 27b664 SetWindowTextW 23295->23301 23302 27b65e 23295->23302 23303 27b0d5 23296->23303 23316 27b0ed 23296->23316 23297->23296 23299 27afec 23298->23299 23310 27aff9 GetMessageW 23299->23310 23299->23335 23527 27a2c7 GetClassNameW 23301->23527 23302->23301 23304 26ddd1 53 API calls 23303->23304 23309 27b0df 23304->23309 23305 27af5f 23311 27af63 SetDlgItemTextW 23305->23311 23305->23335 23306 27b56b 23312 26ddd1 53 API calls 23306->23312 23547 27cb5a 23309->23547 23315 27b010 IsDialogMessageW 23310->23315 23310->23335 23311->23335 23317 27b57b 
SetDlgItemTextW 23312->23317 23315->23299 23319 27b01f TranslateMessage DispatchMessageW 23315->23319 23321 26ddd1 53 API calls 23316->23321 23320 27b58f 23317->23320 23319->23299 23324 26ddd1 53 API calls 23320->23324 23323 27b124 23321->23323 23322 27b6af 23328 27b6df 23322->23328 23333 26ddd1 53 API calls 23322->23333 23329 26400a _swprintf 51 API calls 23323->23329 23330 27b5b8 23324->23330 23325 27b0e6 23443 26a04f 23325->23443 23327 27bdf5 98 API calls 23327->23322 23341 27bdf5 98 API calls 23328->23341 23370 27b797 23328->23370 23334 27b136 23329->23334 23331 26ddd1 53 API calls 23330->23331 23331->23335 23339 27b6c2 SetDlgItemTextW 23333->23339 23340 27cb5a 16 API calls 23334->23340 23336 27b847 23343 27b850 EnableWindow 23336->23343 23344 27b859 23336->23344 23337 27b174 GetLastError 23338 27b17f 23337->23338 23449 27a322 SetCurrentDirectoryW 23338->23449 23346 26ddd1 53 API calls 23339->23346 23340->23325 23342 27b6fa 23341->23342 23350 27b70c 23342->23350 23371 27b731 23342->23371 23343->23344 23347 27b876 23344->23347 23565 2612c8 GetDlgItem EnableWindow 23344->23565 23349 27b6d6 SetDlgItemTextW 23346->23349 23355 27b89d 23347->23355 23362 27b895 SendMessageW 23347->23362 23348 27b195 23353 27b1ac 23348->23353 23354 27b19e GetLastError 23348->23354 23349->23328 23563 279635 32 API calls 23350->23563 23351 27b78a 23356 27bdf5 98 API calls 23351->23356 23365 27b237 23353->23365 23367 27b1c4 GetTickCount 23353->23367 23410 27b227 23353->23410 23354->23353 23355->23335 23359 26ddd1 53 API calls 23355->23359 23356->23370 23358 27b86c 23566 2612c8 GetDlgItem EnableWindow 23358->23566 23364 27b8b6 SetDlgItemTextW 23359->23364 23360 27b725 23360->23371 23362->23355 23363 27b825 23564 279635 32 API calls 23363->23564 23364->23335 23373 27b407 23365->23373 23374 27b24f GetModuleFileNameW 23365->23374 23366 27b46c 23465 2612e6 GetDlgItem ShowWindow 23366->23465 23368 26400a _swprintf 51 API calls 23367->23368 23375 27b1dd 23368->23375 23370->23336 23370->23363 
23377 26ddd1 53 API calls 23370->23377 23371->23351 23378 27bdf5 98 API calls 23371->23378 23373->23283 23382 26ddd1 53 API calls 23373->23382 23557 26eb3a 80 API calls 23374->23557 23450 26971e 23375->23450 23376 27b844 23376->23336 23377->23370 23383 27b75f 23378->23383 23379 27b47c 23466 2612e6 GetDlgItem ShowWindow 23379->23466 23381 27b275 23386 26400a _swprintf 51 API calls 23381->23386 23387 27b41b 23382->23387 23383->23351 23388 27b768 DialogBoxParamW 23383->23388 23385 27b486 23467 26ddd1 23385->23467 23390 27b297 CreateFileMappingW 23386->23390 23392 26400a _swprintf 51 API calls 23387->23392 23388->23283 23388->23351 23394 27b376 __vswprintf_c_l 23390->23394 23395 27b2f9 GetCommandLineW 23390->23395 23402 27b439 23392->23402 23397 27b381 ShellExecuteExW 23394->23397 23399 27b30a 23395->23399 23396 27b203 23400 27b20a GetLastError 23396->23400 23401 27b215 23396->23401 23423 27b39e 23397->23423 23558 27ab2e SHGetMalloc 23399->23558 23400->23401 23458 269653 23401->23458 23409 26ddd1 53 API calls 23402->23409 23403 27b4a2 SetDlgItemTextW GetDlgItem 23406 27b4d7 23403->23406 23407 27b4bf GetWindowLongW SetWindowLongW 23403->23407 23471 27bdf5 23406->23471 23407->23406 23408 27b326 23559 27ab2e SHGetMalloc 23408->23559 23409->23283 23410->23365 23410->23366 23414 27b332 23560 27ab2e SHGetMalloc 23414->23560 23415 27b3e1 23415->23373 23422 27b3f7 UnmapViewOfFile CloseHandle 23415->23422 23416 27bdf5 98 API calls 23418 27b4f3 23416->23418 23496 27d0f5 23418->23496 23419 27b33e 23561 26ecad 80 API calls ___scrt_fastfail 23419->23561 23422->23373 23423->23415 23426 27b3cd Sleep 23423->23426 23425 27b355 MapViewOfFile 23425->23394 23426->23415 23426->23423 23427 27bdf5 98 API calls 23430 27b519 23427->23430 23428 27b542 23562 2612c8 GetDlgItem EnableWindow 23428->23562 23430->23428 23432 27bdf5 98 API calls 23430->23432 23431->23283 23431->23306 23432->23428 23434 261314 23433->23434 23435 26136d 23433->23435 23437 26137a 23434->23437 23567 26da98 62 API calls 2 
library calls 23434->23567 23568 26da71 GetWindowLongW SetWindowLongW 23435->23568 23437->23274 23437->23275 23437->23335 23439 261336 23439->23437 23440 261349 GetDlgItem 23439->23440 23440->23437 23441 261359 23440->23441 23441->23437 23442 26135f SetWindowTextW 23441->23442 23442->23437 23445 26a059 23443->23445 23444 26a0ea 23446 26a207 9 API calls 23444->23446 23448 26a113 23444->23448 23445->23444 23445->23448 23569 26a207 23445->23569 23446->23448 23448->23337 23448->23338 23449->23348 23451 269728 23450->23451 23452 269792 CreateFileW 23451->23452 23453 269786 23451->23453 23452->23453 23454 2697e4 23453->23454 23455 26b66c 2 API calls 23453->23455 23454->23396 23456 2697cb 23455->23456 23456->23454 23457 2697cf CreateFileW 23456->23457 23457->23454 23459 269677 23458->23459 23460 269688 23458->23460 23459->23460 23461 269683 23459->23461 23462 26968a 23459->23462 23460->23410 23590 269817 23461->23590 23595 2696d0 23462->23595 23465->23379 23466->23385 23610 26ddff 23467->23610 23470 2612e6 GetDlgItem ShowWindow 23470->23403 23472 27bdff __EH_prolog 23471->23472 23473 27b4e5 23472->23473 23474 27aa36 ExpandEnvironmentStringsW 23472->23474 23473->23416 23475 27be36 _wcsrchr 23474->23475 23475->23473 23477 27aa36 ExpandEnvironmentStringsW 23475->23477 23478 27c11d SetWindowTextW 23475->23478 23481 2835de 22 API calls 23475->23481 23483 27bf0b SetFileAttributesW 23475->23483 23489 27c2e7 GetDlgItem SetWindowTextW SendMessageW 23475->23489 23491 27c327 SendMessageW 23475->23491 23633 2717ac CompareStringW 23475->23633 23634 279da4 GetCurrentDirectoryW 23475->23634 23636 26a52a 7 API calls 23475->23636 23637 26a4b3 FindClose 23475->23637 23638 27ab9a 76 API calls ___std_exception_copy 23475->23638 23477->23475 23478->23475 23481->23475 23485 27bfc5 GetFileAttributesW 23483->23485 23495 27bf25 ___scrt_fastfail 23483->23495 23485->23475 23487 27bfd7 DeleteFileW 23485->23487 23487->23475 23488 27bfe8 23487->23488 23490 26400a _swprintf 51 API calls 23488->23490 
23489->23475 23492 27c008 GetFileAttributesW 23490->23492 23491->23475 23492->23488 23493 27c01d MoveFileW 23492->23493 23493->23475 23494 27c035 MoveFileExW 23493->23494 23494->23475 23495->23475 23495->23485 23635 26b4f7 52 API calls 2 library calls 23495->23635 23497 27d0ff __EH_prolog 23496->23497 23639 26fead 23497->23639 23499 27d130 23643 265c59 23499->23643 23501 27d14e 23647 267c68 23501->23647 23505 27d1a1 23664 267cfb 23505->23664 23507 27b504 23507->23427 23509 27cd38 23508->23509 24137 279d1a 23509->24137 23512 27b5d1 23512->23280 23512->23281 23513 27cd45 GetWindow 23513->23512 23518 27cd65 23513->23518 23514 27cd72 GetClassNameW 24142 2717ac CompareStringW 23514->24142 23516 27cd96 GetWindowLongW 23517 27cdfa GetWindow 23516->23517 23519 27cda6 SendMessageW 23516->23519 23517->23512 23517->23518 23518->23512 23518->23514 23518->23516 23518->23517 23519->23517 23520 27cdbc GetObjectW 23519->23520 24143 279d5a GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23520->24143 23522 27cdd3 24144 279d39 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23522->24144 24145 279f5d 8 API calls ___scrt_fastfail 23522->24145 23525 27cde4 SendMessageW DeleteObject 23525->23517 23526->23295 23528 27a30d 23527->23528 23529 27a2e8 23527->23529 23533 27a7c3 23528->23533 24148 2717ac CompareStringW 23529->24148 23531 27a2fb 23531->23528 23532 27a2ff FindWindowExW 23531->23532 23532->23528 23534 27a7cd __EH_prolog 23533->23534 23535 261380 82 API calls 23534->23535 23536 27a7ef 23535->23536 24149 261f4f 23536->24149 23539 27a809 23541 261631 84 API calls 23539->23541 23540 27a818 23542 261951 126 API calls 23540->23542 23543 27a814 23541->23543 23544 27a83a __vswprintf_c_l ___std_exception_copy 23542->23544 23543->23322 23543->23327 23544->23543 23545 261631 84 API calls 23544->23545 23545->23543 23546->23305 24157 27ac74 PeekMessageW 23547->24157 23550 27cbbc SendMessageW SendMessageW 23552 27cc17 SendMessageW SendMessageW SendMessageW 23550->23552 23553 27cbf8 23550->23553 23551 
27cb88 23554 27cb93 ShowWindow SendMessageW SendMessageW 23551->23554 23555 27cc6d SendMessageW 23552->23555 23556 27cc4a SendMessageW 23552->23556 23553->23552 23554->23550 23555->23325 23556->23555 23557->23381 23558->23408 23559->23414 23560->23419 23561->23425 23562->23431 23563->23360 23564->23376 23565->23358 23566->23347 23567->23439 23568->23437 23570 26a214 23569->23570 23571 26a238 23570->23571 23572 26a22b CreateDirectoryW 23570->23572 23573 26a180 4 API calls 23571->23573 23572->23571 23574 26a26b 23572->23574 23575 26a23e 23573->23575 23578 26a27a 23574->23578 23582 26a444 23574->23582 23576 26a27e GetLastError 23575->23576 23579 26b66c 2 API calls 23575->23579 23576->23578 23578->23445 23580 26a254 23579->23580 23580->23576 23581 26a258 CreateDirectoryW 23580->23581 23581->23574 23581->23576 23583 27e360 23582->23583 23584 26a451 SetFileAttributesW 23583->23584 23585 26a467 23584->23585 23586 26a494 23584->23586 23587 26b66c 2 API calls 23585->23587 23586->23578 23588 26a47b 23587->23588 23588->23586 23589 26a47f SetFileAttributesW 23588->23589 23589->23586 23591 269820 23590->23591 23594 269824 23590->23594 23591->23460 23594->23591 23601 26a12d 23594->23601 23596 2696dc 23595->23596 23599 2696fa 23595->23599 23598 2696e8 FindCloseChangeNotification 23596->23598 23596->23599 23597 269719 23597->23460 23598->23599 23599->23597 23609 266e3e 74 API calls 23599->23609 23602 27e360 23601->23602 23603 26a13a DeleteFileW 23602->23603 23604 26984c 23603->23604 23605 26a14d 23603->23605 23604->23460 23606 26b66c 2 API calls 23605->23606 23607 26a161 23606->23607 23607->23604 23608 26a165 DeleteFileW 23607->23608 23608->23604 23609->23597 23616 26d28a 23610->23616 23613 26de22 LoadStringW 23614 26ddfc SetDlgItemTextW 23613->23614 23615 26de39 LoadStringW 23613->23615 23614->23470 23615->23614 23621 26d1c3 23616->23621 23618 26d2a7 23619 26d2bc 23618->23619 23629 26d2c8 26 API calls 23618->23629 23619->23613 23619->23614 23622 26d1de 23621->23622 23628 26d1d7 
_strncpy 23621->23628 23624 26d202 23622->23624 23630 271596 WideCharToMultiByte 23622->23630 23627 26d233 23624->23627 23631 26dd6b 50 API calls __vsnprintf 23624->23631 23632 2858d9 26 API calls 3 library calls 23627->23632 23628->23618 23629->23619 23630->23624 23631->23627 23632->23628 23633->23475 23634->23475 23635->23495 23636->23475 23637->23475 23638->23475 23640 26feba 23639->23640 23668 261789 23640->23668 23642 26fed2 23642->23499 23644 26fead 23643->23644 23645 261789 76 API calls 23644->23645 23646 26fed2 23645->23646 23646->23501 23648 267c72 __EH_prolog 23647->23648 23685 26c827 23648->23685 23650 267c8d 23691 27e24a 23650->23691 23652 267cb7 23697 27440b 23652->23697 23655 267ddf 23656 267de9 23655->23656 23658 267e53 23656->23658 23729 26a4c6 23656->23729 23659 267ec4 23658->23659 23662 26a4c6 8 API calls 23658->23662 23707 26837f 23658->23707 23663 267f06 23659->23663 23735 266dc1 74 API calls 23659->23735 23662->23658 23663->23505 23665 267d09 23664->23665 23667 267d10 23664->23667 23666 271acf 84 API calls 23665->23666 23666->23667 23670 26179f 23668->23670 23680 2617fa __vswprintf_c_l 23668->23680 23669 2617c8 23671 261827 23669->23671 23677 2617e7 ___std_exception_copy 23669->23677 23670->23669 23681 266e91 74 API calls __vswprintf_c_l 23670->23681 23673 2835de 22 API calls 23671->23673 23676 26182e 23673->23676 23674 2617be 23682 266efd 75 API calls 23674->23682 23676->23680 23684 266efd 75 API calls 23676->23684 23677->23680 23683 266efd 75 API calls 23677->23683 23680->23642 23681->23674 23682->23669 23683->23680 23684->23680 23686 26c831 __EH_prolog 23685->23686 23687 27e24a new 8 API calls 23686->23687 23688 26c874 23687->23688 23689 27e24a new 8 API calls 23688->23689 23690 26c898 23689->23690 23690->23650 23692 27e24f ___std_exception_copy 23691->23692 23693 27e27b 23692->23693 23703 2871ad 7 API calls 2 library calls 23692->23703 23704 27ecce RaiseException CallUnexpected new 23692->23704 23705 27ecb1 RaiseException 
Concurrency::cancel_current_task CallUnexpected 23692->23705 23693->23652 23698 274415 __EH_prolog 23697->23698 23699 27e24a new 8 API calls 23698->23699 23700 274431 23699->23700 23701 267ce6 23700->23701 23706 2706ba 78 API calls 23700->23706 23701->23655 23703->23692 23706->23701 23708 268389 __EH_prolog 23707->23708 23736 261380 23708->23736 23710 2683a4 23744 269ef7 23710->23744 23716 2683d3 23867 261631 23716->23867 23717 26846e 23763 268517 23717->23763 23721 2684ce 23770 261f00 23721->23770 23724 2683cf 23724->23716 23724->23717 23726 26a4c6 8 API calls 23724->23726 23871 26bac4 CompareStringW 23724->23871 23725 2684d9 23725->23716 23774 263aac 23725->23774 23784 26857b 23725->23784 23726->23724 23730 26a4db 23729->23730 23731 26a4df 23730->23731 24125 26a5f4 23730->24125 23731->23656 23733 26a4ef 23733->23731 23734 26a4f4 FindClose 23733->23734 23734->23731 23735->23663 23737 261385 __EH_prolog 23736->23737 23738 26c827 8 API calls 23737->23738 23739 2613bd 23738->23739 23740 27e24a new 8 API calls 23739->23740 23743 261416 ___scrt_fastfail 23739->23743 23741 261403 23740->23741 23741->23743 23872 26b07d 23741->23872 23743->23710 23745 269f0e 23744->23745 23747 2683ba 23745->23747 23888 266f5d 76 API calls 23745->23888 23747->23716 23748 2619a6 23747->23748 23749 2619b0 __EH_prolog 23748->23749 23760 261a00 23749->23760 23761 2619e5 23749->23761 23889 26709d 23749->23889 23751 261b50 23892 266dc1 74 API calls 23751->23892 23753 263aac 97 API calls 23757 261bb3 23753->23757 23754 261b60 23754->23753 23754->23761 23755 261bff 23755->23761 23762 261c32 23755->23762 23893 266dc1 74 API calls 23755->23893 23757->23755 23758 263aac 97 API calls 23757->23758 23758->23757 23759 263aac 97 API calls 23759->23762 23760->23751 23760->23754 23760->23761 23761->23724 23762->23759 23762->23761 23764 268524 23763->23764 23911 270c26 GetSystemTime SystemTimeToFileTime 23764->23911 23766 268488 23766->23721 23767 271359 23766->23767 23913 27d51a 23767->23913 23772 261f05 
__EH_prolog 23770->23772 23771 261f39 23771->23725 23772->23771 23921 261951 23772->23921 23775 263abc 23774->23775 23776 263ab8 23774->23776 23777 263af7 23775->23777 23778 263ae9 23775->23778 23776->23725 24056 2627e8 97 API calls 3 library calls 23777->24056 23779 263b29 23778->23779 24055 263281 85 API calls 3 library calls 23778->24055 23779->23725 23782 263af5 23782->23779 24057 26204e 74 API calls 23782->24057 23785 268585 __EH_prolog 23784->23785 23786 2685be 23785->23786 23794 2685c2 23785->23794 24080 2784bd 99 API calls 23785->24080 23787 2685e7 23786->23787 23792 26867a 23786->23792 23786->23794 23789 268609 23787->23789 23787->23794 24081 267b66 151 API calls 23787->24081 23789->23794 24082 2784bd 99 API calls 23789->24082 23792->23794 24058 265e3a 23792->24058 23794->23725 23795 268705 23795->23794 24064 26826a 23795->24064 23798 268875 23799 26a4c6 8 API calls 23798->23799 23802 2688e0 23798->23802 23799->23802 23801 26c991 80 API calls 23805 26893b _memcmp 23801->23805 24068 267d6c 23802->24068 23803 268a70 23804 268b43 23803->23804 23810 268abf 23803->23810 23809 268b9e 23804->23809 23819 268b4e 23804->23819 23805->23794 23805->23801 23805->23803 23806 268a69 23805->23806 24083 268236 82 API calls 23805->24083 24084 261f94 74 API calls 23805->24084 24085 261f94 74 API calls 23806->24085 23818 268b30 23809->23818 24088 2680ea 96 API calls 23809->24088 23812 26a180 4 API calls 23810->23812 23810->23818 23811 268b9c 23813 269653 79 API calls 23811->23813 23816 268af7 23812->23816 23813->23794 23815 269653 79 API calls 23815->23794 23816->23818 24086 269377 96 API calls 23816->24086 23817 268c09 23830 268c74 23817->23830 23866 2691c1 __except_handler4 23817->23866 24089 269989 23817->24089 23818->23811 23818->23817 23819->23811 24087 267f26 100 API calls __except_handler4 23819->24087 23820 26aa88 8 API calls 23823 268cc3 23820->23823 23826 26aa88 8 API calls 23823->23826 23825 268c4c 23825->23830 24093 261f94 74 API calls 23825->24093 23844 268cd9 
23826->23844 23828 268c62 24094 267061 75 API calls 23828->24094 23830->23820 23831 268d9c 23832 268df7 23831->23832 23833 268efd 23831->23833 23834 268e69 23832->23834 23835 268e07 23832->23835 23837 268f23 23833->23837 23838 268f0f 23833->23838 23854 268e27 23833->23854 23836 26826a CharUpperW 23834->23836 23839 268e4d 23835->23839 23848 268e15 23835->23848 23840 268e84 23836->23840 23842 272c42 75 API calls 23837->23842 23841 2692e6 121 API calls 23838->23841 23839->23854 24097 267907 108 API calls 23839->24097 23850 268eb4 23840->23850 23851 268ead 23840->23851 23840->23854 23841->23854 23843 268f3c 23842->23843 24100 2728f1 121 API calls 23843->24100 23844->23831 24095 269b21 SetFilePointer GetLastError SetEndOfFile 23844->24095 24096 261f94 74 API calls 23848->24096 24099 269224 94 API calls __EH_prolog 23850->24099 24098 267698 84 API calls __except_handler4 23851->24098 23860 26904b 23854->23860 24101 261f94 74 API calls 23854->24101 23856 269156 23858 26a444 4 API calls 23856->23858 23856->23866 23857 269104 24075 269d62 23857->24075 23859 2691b1 23858->23859 23859->23866 24102 261f94 74 API calls 23859->24102 23860->23856 23860->23857 23860->23866 24074 269ebf SetEndOfFile 23860->24074 23863 26914b 23865 2696d0 75 API calls 23863->23865 23865->23856 23866->23815 23868 261643 23867->23868 24117 26c8ca 23868->24117 23871->23724 23873 26b087 __EH_prolog 23872->23873 23878 26ea80 80 API calls 23873->23878 23875 26b099 23879 26b195 23875->23879 23878->23875 23880 26b1a7 ___scrt_fastfail 23879->23880 23883 270948 23880->23883 23886 270908 GetCurrentProcess GetProcessAffinityMask 23883->23886 23887 26b10f 23886->23887 23887->23743 23888->23747 23894 2616d2 23889->23894 23891 2670b9 23891->23760 23892->23761 23893->23762 23895 2616e8 23894->23895 23906 261740 __vswprintf_c_l 23894->23906 23896 261711 23895->23896 23907 266e91 74 API calls __vswprintf_c_l 23895->23907 23897 261767 23896->23897 23903 26172d ___std_exception_copy 23896->23903 23900 2835de 22 API 
calls 23897->23900 23899 261707 23908 266efd 75 API calls 23899->23908 23902 26176e 23900->23902 23902->23906 23910 266efd 75 API calls 23902->23910 23903->23906 23909 266efd 75 API calls 23903->23909 23906->23891 23907->23899 23908->23896 23909->23906 23910->23906 23912 270c56 __vsnwprintf_l 23911->23912 23912->23766 23914 27d527 23913->23914 23915 26ddd1 53 API calls 23914->23915 23916 27d54a 23915->23916 23917 26400a _swprintf 51 API calls 23916->23917 23918 27d55c 23917->23918 23919 27cb5a 16 API calls 23918->23919 23920 271372 23919->23920 23920->23721 23922 261961 23921->23922 23924 26195d 23921->23924 23925 261896 23922->23925 23924->23771 23926 2618a8 23925->23926 23927 2618e5 23925->23927 23928 263aac 97 API calls 23926->23928 23933 263f18 23927->23933 23931 2618c8 23928->23931 23931->23924 23936 263f21 23933->23936 23934 263aac 97 API calls 23934->23936 23936->23934 23937 261906 23936->23937 23950 27067c 23936->23950 23937->23931 23938 261e00 23937->23938 23939 261e0a __EH_prolog 23938->23939 23958 263b3d 23939->23958 23941 261e34 23942 261ebb 23941->23942 23943 2616d2 76 API calls 23941->23943 23942->23931 23944 261e4b 23943->23944 23986 261849 76 API calls 23944->23986 23946 261e63 23948 261e6f 23946->23948 23987 27137a MultiByteToWideChar 23946->23987 23988 261849 76 API calls 23948->23988 23951 270683 23950->23951 23953 27069e 23951->23953 23956 266e8c RaiseException CallUnexpected 23951->23956 23954 2706af SetThreadExecutionState 23953->23954 23957 266e8c RaiseException CallUnexpected 23953->23957 23954->23936 23956->23953 23957->23954 23959 263b47 __EH_prolog 23958->23959 23960 263b5d 23959->23960 23961 263b79 23959->23961 24017 266dc1 74 API calls 23960->24017 23963 263dc2 23961->23963 23966 263ba5 23961->23966 24034 266dc1 74 API calls 23963->24034 23964 263b68 23964->23941 23966->23964 23989 272c42 23966->23989 23968 263c26 23969 263cb1 23968->23969 23985 263c1d 23968->23985 24020 26c991 23968->24020 24002 26aa88 23969->24002 23970 263c22 
23970->23968 24019 262034 76 API calls 23970->24019 23972 263bf4 23972->23968 23972->23970 23973 263c12 23972->23973 24018 266dc1 74 API calls 23973->24018 23975 263cc4 23979 263d3e 23975->23979 23980 263d48 23975->23980 24006 2692e6 23979->24006 24026 2728f1 121 API calls 23980->24026 23983 263d46 23983->23985 24027 261f94 74 API calls 23983->24027 24028 271acf 23985->24028 23986->23946 23987->23948 23988->23942 23990 272c51 23989->23990 23992 272c5b 23989->23992 24035 266efd 75 API calls 23990->24035 23993 272ca2 ___std_exception_copy 23992->23993 23995 272c9d Concurrency::cancel_current_task 23992->23995 24001 272cfd ___scrt_fastfail 23992->24001 23994 272da9 Concurrency::cancel_current_task 23993->23994 24000 272cd9 23993->24000 23993->24001 24038 28157a RaiseException 23994->24038 24037 28157a RaiseException 23995->24037 23999 272dc1 24036 272b7b 75 API calls 4 library calls 24000->24036 24001->23972 24003 26aa95 24002->24003 24005 26aa9f 24002->24005 24004 27e24a new 8 API calls 24003->24004 24004->24005 24005->23975 24007 2692f0 __EH_prolog 24006->24007 24039 267dc6 24007->24039 24010 26709d 76 API calls 24011 269302 24010->24011 24042 26ca6c 24011->24042 24013 26935c 24013->23983 24015 26ca6c 114 API calls 24016 269314 24015->24016 24016->24013 24016->24015 24051 26cc51 97 API calls __vswprintf_c_l 24016->24051 24017->23964 24018->23985 24019->23968 24021 26c9c4 24020->24021 24022 26c9b2 24020->24022 24053 266249 80 API calls 24021->24053 24052 266249 80 API calls 24022->24052 24025 26c9bc 24025->23969 24026->23983 24027->23985 24029 271ad9 24028->24029 24030 271af2 24029->24030 24033 271b06 24029->24033 24054 27075b 84 API calls 24030->24054 24032 271af9 24032->24033 24034->23964 24035->23992 24036->24001 24037->23994 24038->23999 24040 26acf5 GetVersionExW 24039->24040 24041 267dcb 24040->24041 24041->24010 24048 26ca82 __vswprintf_c_l 24042->24048 24043 26cbf7 24044 26cc1f 24043->24044 24045 26ca0b 6 API calls 24043->24045 24046 27067c 

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 002700CF: GetModuleHandleW.KERNEL32(kernel32), ref: 002700E4
                                            • Part of subcall function 002700CF: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 002700F6
                                            • Part of subcall function 002700CF: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00270127
                                            • Part of subcall function 00279DA4: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00279DAC
                                            • Part of subcall function 0027A335: OleInitialize.OLE32(00000000), ref: 0027A34E
                                            • Part of subcall function 0027A335: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0027A385
                                            • Part of subcall function 0027A335: SHGetMalloc.SHELL32(002A8430), ref: 0027A38F
                                            • Part of subcall function 002713B3: GetCPInfo.KERNEL32(00000000,?), ref: 002713C4
                                            • Part of subcall function 002713B3: IsDBCSLeadByte.KERNEL32(00000000), ref: 002713D8
                                          • GetCommandLineW.KERNEL32 ref: 0027D61C
                                          • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0027D643
                                          • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0027D654
                                          • UnmapViewOfFile.KERNEL32(00000000), ref: 0027D68E
                                            • Part of subcall function 0027D287: SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 0027D29D
                                            • Part of subcall function 0027D287: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0027D2D9
                                          • CloseHandle.KERNEL32(00000000), ref: 0027D697
                                          • GetModuleFileNameW.KERNEL32(00000000,002BDC90,00000800), ref: 0027D6B2
                                          • SetEnvironmentVariableW.KERNEL32(sfxname,002BDC90), ref: 0027D6BE
                                          • GetLocalTime.KERNEL32(?), ref: 0027D6C9
                                          • _swprintf.LIBCMT ref: 0027D708
                                          • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0027D71A
                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0027D721
                                          • LoadIconW.USER32(00000000,00000064), ref: 0027D738
                                          • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001AEE0,00000000), ref: 0027D789
                                          • Sleep.KERNEL32(?), ref: 0027D7B7
                                          • DeleteObject.GDI32 ref: 0027D7F0
                                          • DeleteObject.GDI32(?), ref: 0027D800
                                          • CloseHandle.KERNEL32 ref: 0027D843
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                          • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp$xj+
                                          • API String ID: 788466649-1389600010
                                          • Opcode ID: 75b9ee5f8ccbe200f58679c4b54c0427c1e13637a59926ed0bef7934d95fb6da
                                          • Instruction ID: c7f3067011d5c887d1475c03db4a222cba00b18ca8cd2f4333b6e3024579b000
                                          • Opcode Fuzzy Hash: 75b9ee5f8ccbe200f58679c4b54c0427c1e13637a59926ed0bef7934d95fb6da
                                          • Instruction Fuzzy Hash: 5E61C171924341AFD720AFA1FC4DF6A3BB8AF4A744F00442AF54D921A1DF789964CB62

                                          Control-flow Graph

                                          control_flow_graph 770 279e1c-279e38 FindResourceW 771 279f2f-279f32 770->771 772 279e3e-279e50 SizeofResource 770->772 773 279e52-279e61 LoadResource 772->773 774 279e70-279e72 772->774 773->774 775 279e63-279e6e LockResource 773->775 776 279f2e 774->776 775->774 777 279e77-279e8c GlobalAlloc 775->777 776->771 778 279e92-279e9b GlobalLock 777->778 779 279f28-279f2d 777->779 780 279f21-279f22 GlobalFree 778->780 781 279ea1-279ebf call 27f4b0 778->781 779->776 780->779 785 279ec1-279ee3 call 279d7b 781->785 786 279f1a-279f1b GlobalUnlock 781->786 785->786 791 279ee5-279eed 785->791 786->780 792 279eef-279f03 GdipCreateHBITMAPFromBitmap 791->792 793 279f08-279f16 791->793 792->793 794 279f05 792->794 793->786 794->793
                                          APIs
                                          • FindResourceW.KERNEL32(0027AE4D,PNG,?,?,?,0027AE4D,00000066), ref: 00279E2E
                                          • SizeofResource.KERNEL32(00000000,00000000,?,?,?,0027AE4D,00000066), ref: 00279E46
                                          • LoadResource.KERNEL32(00000000,?,?,?,0027AE4D,00000066), ref: 00279E59
                                          • LockResource.KERNEL32(00000000,?,?,?,0027AE4D,00000066), ref: 00279E64
                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0027AE4D,00000066), ref: 00279E82
                                          • GlobalLock.KERNEL32(00000000,?,?,?,?,?,0027AE4D,00000066), ref: 00279E93
                                          • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00279EFC
                                          • GlobalUnlock.KERNEL32(00000000), ref: 00279F1B
                                          • GlobalFree.KERNEL32(00000000), ref: 00279F22
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
                                          • String ID: PNG
                                          • API String ID: 4097654274-364855578
                                          • Opcode ID: d478d80b7f8d7392ffd6a7b10eae96bacce8395fda0b13d9ce2e25fd69f30e58
                                          • Instruction ID: e2f62deb232d5dc75711ba4d443576d1e45d75fe7615b199b910f259d599bf81
                                          • Opcode Fuzzy Hash: d478d80b7f8d7392ffd6a7b10eae96bacce8395fda0b13d9ce2e25fd69f30e58
                                          • Instruction Fuzzy Hash: 29316F75614706ABC7109F61EC4CE2BBBADFF89751B04852AF90AD2260DB32DC50DAA1

                                          Control-flow Graph

                                          control_flow_graph 980 26a5f4-26a61f call 27e360 983 26a691-26a69a FindNextFileW 980->983 984 26a621-26a632 FindFirstFileW 980->984 987 26a6b0-26a6b2 983->987 988 26a69c-26a6aa GetLastError 983->988 985 26a6b8-26a75c call 26fe56 call 26bcfb call 270e19 * 3 984->985 986 26a638-26a64f call 26b66c 984->986 990 26a761-26a774 985->990 995 26a651-26a668 FindFirstFileW 986->995 996 26a66a-26a673 GetLastError 986->996 987->985 987->990 988->987 995->985 995->996 998 26a684 996->998 999 26a675-26a678 996->999 1002 26a686-26a68c 998->1002 999->998 1001 26a67a-26a67d 999->1001 1001->998 1004 26a67f-26a682 1001->1004 1002->990 1004->1002
                                          APIs
                                          • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0026A4EF,000000FF,?,?), ref: 0026A628
                                          • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0026A4EF,000000FF,?,?), ref: 0026A65E
                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0026A4EF,000000FF,?,?), ref: 0026A66A
                                          • FindNextFileW.KERNEL32(?,?,?,?,?,?,0026A4EF,000000FF,?,?), ref: 0026A692
                                          • GetLastError.KERNEL32(?,?,?,?,0026A4EF,000000FF,?,?), ref: 0026A69E
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: FileFind$ErrorFirstLast$Next
                                          • String ID:
                                          • API String ID: 869497890-0
                                          • Opcode ID: c19f264e5682e9b8f5a04be2023b13c036bde7d246bce27c73594e4680b2965f
                                          • Instruction ID: 3ed83f923a4a7eeac44bf1312d98122f232b05f31956ae30af3015e853df62a2
                                          • Opcode Fuzzy Hash: c19f264e5682e9b8f5a04be2023b13c036bde7d246bce27c73594e4680b2965f
                                          • Instruction Fuzzy Hash: 79417671514242AFC724EF78C8C4ADAF7ECBF48344F044A2AF599D3250D774A9A48F62
                                          APIs
                                          • GetCurrentProcess.KERNEL32(00000000,?,00287513,00000000,0029BAD8,0000000C,0028766A,00000000,00000002,00000000), ref: 0028755E
                                          • TerminateProcess.KERNEL32(00000000,?,00287513,00000000,0029BAD8,0000000C,0028766A,00000000,00000002,00000000), ref: 00287565
                                          • ExitProcess.KERNEL32 ref: 00287577
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: Process$CurrentExitTerminate
                                          • String ID:
                                          • API String ID: 1703294689-0
                                          • Opcode ID: 368156b1852edfe2b1950c28decdc0277e37b94f42bf2d1c6470c70a72d5af36
                                          • Instruction ID: 42480e1e0dbb087580e3a7fc242d4e756d1fe32a90f5627e182e0995fd3d0788
                                          • Opcode Fuzzy Hash: 368156b1852edfe2b1950c28decdc0277e37b94f42bf2d1c6470c70a72d5af36
                                          • Instruction Fuzzy Hash: EFE04639011508ABCF11FF24ED0CA493B29EB40341F608015FC098A272CB39DE62CB50
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: H_prolog_memcmp
                                          • String ID:
                                          • API String ID: 3004599000-0
                                          • Opcode ID: 51102b31bd7e0d20a95e68db15098d640c59e7f4995964ff3c5427178e23975e
                                          • Instruction ID: 538e6eed53b461d77c5407d6f940ecc5e8598b473774b20cae813f7f8fdf6e02
                                          • Opcode Fuzzy Hash: 51102b31bd7e0d20a95e68db15098d640c59e7f4995964ff3c5427178e23975e
                                          • Instruction Fuzzy Hash: FA824D70924246AEDF25DF74C485BFAB7B9AF05300F0842BAED599B142DF315AE4CB60
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 0027AEE5
                                            • Part of subcall function 0026130B: GetDlgItem.USER32(00000000,00003021), ref: 0026134F
                                            • Part of subcall function 0026130B: SetWindowTextW.USER32(00000000,002935B4), ref: 00261365
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: H_prologItemTextWindow
                                          • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                          • API String ID: 810644672-3472986185
                                          • Opcode ID: 73fb831cffd3e33f3b9d164d18bf6a5f1f477d7fde89398af99f301e3b9eaed0
                                          • Instruction ID: e51921e515cb0c04570d4410f7063849f9cdfa29685e0d351046fec0210382e3
                                          • Opcode Fuzzy Hash: 73fb831cffd3e33f3b9d164d18bf6a5f1f477d7fde89398af99f301e3b9eaed0
                                          • Instruction Fuzzy Hash: 7042E871964255AFEB22AF60AC4EFBE7B7CEB06704F008055F609A60D1CF755D64CB22

                                          Control-flow Graph

                                          APIs
                                          • GetModuleHandleW.KERNEL32(kernel32), ref: 002700E4
                                          • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 002700F6
                                          • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00270127
                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 002703D4
                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 002703F0
                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00270402
                                          • ReadFile.KERNEL32(00000000,?,00007FFE,00293BA4,00000000), ref: 00270421
                                          • CloseHandle.KERNEL32(00000000), ref: 00270479
                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0027048F
                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 002704E7
                                          • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 00270510
                                          • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 0027054A
                                            • Part of subcall function 00270085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 002700A0
                                            • Part of subcall function 00270085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0026EB86,Crypt32.dll,00000000,0026EC0A,?,?,0026EBEC,?,?,?), ref: 002700C2
                                          • _swprintf.LIBCMT ref: 002705BE
                                          • _swprintf.LIBCMT ref: 0027060A
                                            • Part of subcall function 0026400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0026401D
                                          • AllocConsole.KERNEL32 ref: 00270612
                                          • GetCurrentProcessId.KERNEL32 ref: 0027061C
                                          • AttachConsole.KERNEL32(00000000), ref: 00270623
                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00270649
                                          • WriteConsoleW.KERNEL32(00000000), ref: 00270650
                                          • Sleep.KERNEL32(00002710), ref: 0027065B
                                          • FreeConsole.KERNEL32 ref: 00270661
                                          • ExitProcess.KERNEL32 ref: 00270669
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                          • String ID: <)$ ?)$(>)$(@)$0A)$4=)$8<)$<?)$@>)$@@)$D=)$DA)$DXGIDebug.dll$P<)$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$T;)$T?)$X>)$X@)$\A)$`=)$dwmapi.dll$kernel32$l<)$p>)$p?)$p@)$uxtheme.dll$x=)$|<)$>)$?)
                                          • API String ID: 1201351596-1010478386
                                          • Opcode ID: 1c6617e9e66cfcfe90b0db007932facdc7979323952645440550bf33c07f3a06
                                          • Instruction ID: 0a11c658bfffcc08dfd87b510ad986686352fc8f5333c3dec2f546dd9a798b2d
                                          • Opcode Fuzzy Hash: 1c6617e9e66cfcfe90b0db007932facdc7979323952645440550bf33c07f3a06
                                          • Instruction Fuzzy Hash: C7D162B1128385EBDB30EF50D84DB9FBBE8BF85704F50491DF68996150D7B08A688F62

                                          Control-flow Graph

                                          APIs
                                          • __EH_prolog.LIBCMT ref: 0027BDFA
                                            • Part of subcall function 0027AA36: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0027AAFE
                                          • SetWindowTextW.USER32(?,?), ref: 0027C127
                                          • _wcsrchr.LIBVCRUNTIME ref: 0027C2B1
                                          • GetDlgItem.USER32(?,00000066), ref: 0027C2EC
                                          • SetWindowTextW.USER32(00000000,?), ref: 0027C2FC
                                          • SendMessageW.USER32(00000000,00000143,00000000,002AA472), ref: 0027C30A
                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0027C335
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                          • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                          • API String ID: 3564274579-312220925
                                          • Opcode ID: 00b0ba3ff73bffd68266a5d08edecf2eb2dfb9c710e5fd2a6c489ee876a2d2a0
                                          • Instruction ID: c3ecf72ef8ed15edeca8fa1d43517e2915502c43c331904ec1f4d379e2c9eab1
                                          • Opcode Fuzzy Hash: 00b0ba3ff73bffd68266a5d08edecf2eb2dfb9c710e5fd2a6c489ee876a2d2a0
                                          • Instruction Fuzzy Hash: EBE16276D10119AADF25EFA0EC49EEF777CAF08711F50806AF909E3051EB749A948F60

                                          Control-flow Graph

                                          APIs
                                          • __EH_prolog.LIBCMT ref: 0026D346
                                          • _wcschr.LIBVCRUNTIME ref: 0026D367
                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,0026D328,?), ref: 0026D382
                                          • __fprintf_l.LIBCMT ref: 0026D873
                                            • Part of subcall function 0027137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0026B652,00000000,?,?,?,00010452), ref: 00271396
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                          • String ID: $ ,$$%s:$$9)$*messages***$*messages***$@%s:$R$RTL$a
                                          • API String ID: 4184910265-4272455115
                                          • Opcode ID: 287983bdb981c8aa2e19e2cb9f28e17f53685f3de5783d8e423455a5e1dda67c
                                          • Instruction ID: 43b815cb10acf80674d6b9b766c44892759f391773ccd6f447dc64a25876bdd0
                                          • Opcode Fuzzy Hash: 287983bdb981c8aa2e19e2cb9f28e17f53685f3de5783d8e423455a5e1dda67c
                                          • Instruction Fuzzy Hash: 5212B371E2021E9ADF25EFA4DC81BEEB7B9FF04704F504569E505A7181DB709AA0CF50

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 0027AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0027AC85
                                            • Part of subcall function 0027AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0027AC96
                                            • Part of subcall function 0027AC74: IsDialogMessageW.USER32(00010452,?), ref: 0027ACAA
                                            • Part of subcall function 0027AC74: TranslateMessage.USER32(?), ref: 0027ACB8
                                            • Part of subcall function 0027AC74: DispatchMessageW.USER32(?), ref: 0027ACC2
                                          • GetDlgItem.USER32(00000068,002BECB0), ref: 0027CB6E
                                          • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,0027A632,00000001,?,?,0027AECB,00294F88,002BECB0), ref: 0027CB96
                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0027CBA1
                                          • SendMessageW.USER32(00000000,000000C2,00000000,002935B4), ref: 0027CBAF
                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0027CBC5
                                          • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0027CBDF
                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0027CC23
                                          • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0027CC31
                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0027CC40
                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0027CC67
                                          • SendMessageW.USER32(00000000,000000C2,00000000,0029431C), ref: 0027CC76
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                          • String ID: \
                                          • API String ID: 3569833718-2967466578
                                          • Opcode ID: b5a7d9500f7a97c4403302a44c50898c1ef1c2c1154dcd1ec7004e136d1a1603
                                          • Instruction ID: 6b018ce96ac27ffac8c5be59ff8871e03cf9e25fb4305ecf0dd476f949bd29d2
                                          • Opcode Fuzzy Hash: b5a7d9500f7a97c4403302a44c50898c1ef1c2c1154dcd1ec7004e136d1a1603
                                          • Instruction Fuzzy Hash: 2A31BC71185342EBE301DF20AC4EFAB7EACEB96744F00051AF65196291DB664918CBB6

                                          Control-flow Graph

                                          APIs
                                          • ShellExecuteExW.SHELL32(?), ref: 0027CF54
                                          • ShowWindow.USER32(?,00000000), ref: 0027CF93
                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 0027CFCF
                                          • CloseHandle.KERNEL32(?), ref: 0027CFF5
                                          • ShowWindow.USER32(?,00000001), ref: 0027D084
                                            • Part of subcall function 002717AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0026BB05,00000000,.exe,?,?,00000800,?,?,002785DF,?), ref: 002717C2
                                          Strings
                                          Similarity
                                          • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                                          • String ID: $.exe$.inf
                                          • API String ID: 3686203788-2452507128
                                          • Opcode ID: 122d2bef03f1ce22cb0503800c304545267d8f271fc41d50295d7a0e78e7010c
                                          • Instruction ID: 09426f3409d2e214130f89df108d7f99130fd08ea5380b48a6ee81d39a6da89c
                                          • Opcode Fuzzy Hash: 122d2bef03f1ce22cb0503800c304545267d8f271fc41d50295d7a0e78e7010c
                                          • Instruction Fuzzy Hash: E861E4704283829BDB319F34D804AABBBF5AF95304F14C81EF5CD97251DBB189A9CB52

                                          Control-flow Graph

                                          APIs
                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00284E35,00284E35,?,?,?,0028A2A9,00000001,00000001,3FE85006), ref: 0028A0B2
                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0028A2A9,00000001,00000001,3FE85006,?,?,?), ref: 0028A138
                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,3FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0028A232
                                          • __freea.LIBCMT ref: 0028A23F
                                            • Part of subcall function 00288518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0028C13D,00000000,?,002867E2,?,00000008,?,002889AD,?,?,?), ref: 0028854A
                                          • __freea.LIBCMT ref: 0028A248
                                          • __freea.LIBCMT ref: 0028A26D
                                          Similarity
                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                          • String ID:
                                          • API String ID: 1414292761-0
                                          • Opcode ID: 3b099aeeccf0c701920b555e33a824ce4f112dced0149854552d97d06f2cacd2
                                          • Instruction ID: e308e1390545780b25b62557626b7f0ac15e1cc0abf174e85e25979f671b8679
                                          • Opcode Fuzzy Hash: 3b099aeeccf0c701920b555e33a824ce4f112dced0149854552d97d06f2cacd2
                                          • Instruction Fuzzy Hash: A251D276622206AEFB35AE64CC45FBF77A9EB40750F15422AFC04D6184EF35DC608B61

                                          Control-flow Graph

                                          APIs
                                          • GetClassNameW.USER32(?,?,00000050), ref: 0027A2DE
                                          • SHAutoComplete.SHLWAPI(?,00000010), ref: 0027A315
                                            • Part of subcall function 002717AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0026BB05,00000000,.exe,?,?,00000800,?,?,002785DF,?), ref: 002717C2
                                          • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0027A305
                                          Strings
                                          Similarity
                                          • API ID: AutoClassCompareCompleteFindNameStringWindow
                                          • String ID: @Ut$EDIT
                                          • API String ID: 4243998846-2065656831
                                          • Opcode ID: c58065c686a2b5f9e6807dda5de3023e2bf657179170671e88dfac7ee69e52f8
                                          • Instruction ID: f2e755304d931495b8fd31fcf62c64e2b668b71bf0ee669b43c078a479bef2b7
                                          • Opcode Fuzzy Hash: c58065c686a2b5f9e6807dda5de3023e2bf657179170671e88dfac7ee69e52f8
                                          • Instruction Fuzzy Hash: EAF08232A21228B7E7206E64AC09F9F776C9F96B10F044196BD49A2180DB709965C6F6

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 00270085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 002700A0
                                            • Part of subcall function 00270085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0026EB86,Crypt32.dll,00000000,0026EC0A,?,?,0026EBEC,?,?,?), ref: 002700C2
                                          • OleInitialize.OLE32(00000000), ref: 0027A34E
                                          • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0027A385
                                          • SHGetMalloc.SHELL32(002A8430), ref: 0027A38F
                                          Strings
                                          Similarity
                                          • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                          • String ID: riched20.dll$3So
                                          • API String ID: 3498096277-3464455743
                                          • Opcode ID: 0b4458c76b44a6e490723d2dc8dbe588208afabc98611236df4072237baf2425
                                          • Instruction ID: afc61d0c53f824825c0688479a31e4adb3c7aff65b9eabb15f6110a310ebd92d
                                          • Opcode Fuzzy Hash: 0b4458c76b44a6e490723d2dc8dbe588208afabc98611236df4072237baf2425
                                          • Instruction Fuzzy Hash: F1F0F9B1D10209ABCB10AF99E8499EFFBFCEF95711F00415AE818E2241DBB456198FA1

                                          Control-flow Graph

                                          APIs
                                          • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,002678AD,?,00000005,?,00000011), ref: 00269A4C
                                          • GetLastError.KERNEL32(?,?,002678AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00269A59
                                          • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,002678AD,?,00000005,?), ref: 00269A8E
                                          • GetLastError.KERNEL32(?,?,002678AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00269A96
                                          • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,002678AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00269ADB
                                          Similarity
                                          • API ID: File$CreateErrorLast$Time
                                          • String ID:
                                          • API String ID: 1999340476-0
                                          • Opcode ID: 03c63bbc48528505b5ca24030de3dcbfb8568ef50ca974534b946ff1ec1077bd
                                          • Instruction ID: 4d7ca6f0f203358ca4f1b65feb679c5613d839de1aeb3c9dc595271c168a9b54
                                          • Opcode Fuzzy Hash: 03c63bbc48528505b5ca24030de3dcbfb8568ef50ca974534b946ff1ec1077bd
                                          • Instruction Fuzzy Hash: 674144305547466FE720CF60DC49BEABBD8BB05324F10071AF5E4961D0EBB5A9E8CB91

                                          Control-flow Graph

                                          APIs
                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0027AC85
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0027AC96
                                          • IsDialogMessageW.USER32(00010452,?), ref: 0027ACAA
                                          • TranslateMessage.USER32(?), ref: 0027ACB8
                                          • DispatchMessageW.USER32(?), ref: 0027ACC2
                                          Similarity
                                          • API ID: Message$DialogDispatchPeekTranslate
                                          • String ID:
                                          • API String ID: 1266772231-0
                                          • Opcode ID: fbcc444b086542c35d97987402c27d7e131d77e9e03f47e5de7e8cf98159f1e0
                                          • Instruction ID: ac92198bc784fd609d6f1ad4559380884d226a0b04ff8225157ecdd113850f5e
                                          • Opcode Fuzzy Hash: fbcc444b086542c35d97987402c27d7e131d77e9e03f47e5de7e8cf98159f1e0
                                          • Instruction Fuzzy Hash: CAF0BD7191222AEB8B209FE5AC4CDEF7F6CEE15261740841AF519D2110EE35D519C7B1

                                          Control-flow Graph

                                          APIs
                                          • GetStdHandle.KERNEL32(000000F6), ref: 0026985E
                                          • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00269876
                                          • GetLastError.KERNEL32 ref: 002698A8
                                          • GetLastError.KERNEL32 ref: 002698C7
                                          Similarity
                                          • API ID: ErrorLast$FileHandleRead
                                          • String ID:
                                          • API String ID: 2244327787-0
                                          • Opcode ID: 124687e685dbbb5254114c048688b0cafeca7309f7d7a378e6e34657c7ba1f6d
                                          • Instruction ID: 00956832cf9fe025e6e50a01579d90aca1355e6b570f44a3c12c4c068c616023
                                          • Opcode Fuzzy Hash: 124687e685dbbb5254114c048688b0cafeca7309f7d7a378e6e34657c7ba1f6d
                                          • Instruction Fuzzy Hash: 6411AC30920205EBDB209F59D808A7937ACEF02730F10852AF82A87580DF759EE49F51

                                          Control-flow Graph

                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,0026CFE0,00000000,00000000,?,0028A49B,0026CFE0,00000000,00000000,00000000,?,0028A698,00000006,FlsSetValue), ref: 0028A526
                                          • GetLastError.KERNEL32(?,0028A49B,0026CFE0,00000000,00000000,00000000,?,0028A698,00000006,FlsSetValue,00297348,00297350,00000000,00000364,?,00289077), ref: 0028A532
                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0028A49B,0026CFE0,00000000,00000000,00000000,?,0028A698,00000006,FlsSetValue,00297348,00297350,00000000), ref: 0028A540
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: LibraryLoad$ErrorLast
                                          • String ID:
                                          • API String ID: 3177248105-0
                                          • Opcode ID: 62ceb2fc1f0e7b7d9b129d479a9e8f965246530f53fe9e5a8a9dc8b6dd28309b
                                          • Instruction ID: 91bcf3d479a097652f25c481378bae6629efad58e015625872a9660c6bd3ba55
                                          • Opcode Fuzzy Hash: 62ceb2fc1f0e7b7d9b129d479a9e8f965246530f53fe9e5a8a9dc8b6dd28309b
                                          • Instruction Fuzzy Hash: 3D01FC3AA33223ABD7219E6CAC48A567798AF457A17500523F906D31C1DB39DD50C7D1
                                          APIs
                                            • Part of subcall function 00288FA5: GetLastError.KERNEL32(?,002A0EE8,00283E14,002A0EE8,?,?,00283713,00000050,?,002A0EE8,00000200), ref: 00288FA9
                                            • Part of subcall function 00288FA5: _free.LIBCMT ref: 00288FDC
                                            • Part of subcall function 00288FA5: SetLastError.KERNEL32(00000000,?,002A0EE8,00000200), ref: 0028901D
                                            • Part of subcall function 00288FA5: _abort.LIBCMT ref: 00289023
                                            • Part of subcall function 0028B2AE: _abort.LIBCMT ref: 0028B2E0
                                            • Part of subcall function 0028B2AE: _free.LIBCMT ref: 0028B314
                                            • Part of subcall function 0028AF1B: GetOEMCP.KERNEL32(00000000,?,?,0028B1A5,?), ref: 0028AF46
                                          • _free.LIBCMT ref: 0028B200
                                          • _free.LIBCMT ref: 0028B236
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: _free$ErrorLast_abort
                                          • String ID: )
                                          • API String ID: 2991157371-1411676355
                                          • Opcode ID: 1b4b6c7efd1157f2312c9a2da0b3723730f9847677810ab588486c566eb5cd66
                                          • Instruction ID: 4923169855986da97de95bd6b0bb76105819b8dd000e957de572bcf1d52e583f
                                          • Opcode Fuzzy Hash: 1b4b6c7efd1157f2312c9a2da0b3723730f9847677810ab588486c566eb5cd66
                                          • Instruction Fuzzy Hash: 07312639922205AFDB12FFA8D845B6D77E5EF01320F25009DE8189B2E1EB715D61CF50
                                          APIs
                                          • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,0026CC94,00000001,?,?,?,00000000,00274ECD,?,?,?), ref: 00269F4C
                                          • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,00274ECD,?,?,?,?,?,00274972,?), ref: 00269F8E
                                          • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,0026CC94,00000001,?,?), ref: 00269FB8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: FileWrite$Handle
                                          • String ID:
                                          • API String ID: 4209713984-0
                                          • Opcode ID: be6397323c373670aec6cdfda1eb8614648e4c11dd19659c5c6750c0ba1e6c24
                                          • Instruction ID: 0c9b41831e1cd8477fff7aaf24c4c036455e546fe28c9fd1e78813369dcf570c
                                          • Opcode Fuzzy Hash: be6397323c373670aec6cdfda1eb8614648e4c11dd19659c5c6750c0ba1e6c24
                                          • Instruction Fuzzy Hash: 9D31E271218306DBDF248F24E848B6ABBA8EB51710F044559F845EB681CB75DDE8CBA2
                                          APIs
                                          • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0026A113,?,00000001,00000000,?,?), ref: 0026A22E
                                          • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0026A113,?,00000001,00000000,?,?), ref: 0026A261
                                          • GetLastError.KERNEL32(?,?,?,?,0026A113,?,00000001,00000000,?,?), ref: 0026A27E
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: CreateDirectory$ErrorLast
                                          • String ID:
                                          • API String ID: 2485089472-0
                                          • Opcode ID: ff66ee758a2dec9a51508945b1d386fc21a58027d595e71e97d0786618245e06
                                          • Instruction ID: dbe14a32d98cc2331f9d7951bca70a0d15f4de52c89756434d5060d8e93736e3
                                          • Opcode Fuzzy Hash: ff66ee758a2dec9a51508945b1d386fc21a58027d595e71e97d0786618245e06
                                          • Instruction Fuzzy Hash: 0101CC311B021966DB22AFB55C59BEA3348AF0B781F044452FC05F6091DBA2CAE08EA3
                                          APIs
                                          • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0028B019
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Info
                                          • String ID:
                                          • API String ID: 1807457897-3916222277
                                          • Opcode ID: ee354276c91067cdbeda819582990a66257a3ecec798e72c97e534c709f54b6e
                                          • Instruction ID: f7dd1f5c9eeb23a3453409b58f56a8eda59316801ae2e82d7c67efce6a39bf12
                                          • Opcode Fuzzy Hash: ee354276c91067cdbeda819582990a66257a3ecec798e72c97e534c709f54b6e
                                          • Instruction Fuzzy Hash: 0541497851534C9ADF229E248C98BF7BBADDB05304F1404EDE59E87182D3359A55CF20
                                          APIs
                                          • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,3FE85006,00000001,?,?), ref: 0028A79D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: String
                                          • String ID: LCMapStringEx
                                          • API String ID: 2568140703-3893581201
                                          • Opcode ID: 3eab1b45f612a0b4d00e48fe5954ce03bba72597a772751f184c4b8c41823019
                                          • Instruction ID: 935d7c63eaa799a9f53a4b3a6cc7b18153e30e187bf3beb36ec61d0898448e65
                                          • Opcode Fuzzy Hash: 3eab1b45f612a0b4d00e48fe5954ce03bba72597a772751f184c4b8c41823019
                                          • Instruction Fuzzy Hash: DD011336525209BBCF02AFA0DC05DAE7F66EF08710F054156FE1825160CA728931BB91
                                          APIs
                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00289D2F), ref: 0028A715
                                          Strings
                                          • InitializeCriticalSectionEx, xrefs: 0028A6E5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: CountCriticalInitializeSectionSpin
                                          • String ID: InitializeCriticalSectionEx
                                          • API String ID: 2593887523-3084827643
                                          • Opcode ID: 5e2b6b9d08eed4359b58375b1c4f73747a00bc2ec0dc1ba8f465189eb264f9c4
                                          • Instruction ID: 7b9849161a47ae81cd5952e7f05678cf5c0b288e0878e78f7e25cd9fa39b5e92
                                          • Opcode Fuzzy Hash: 5e2b6b9d08eed4359b58375b1c4f73747a00bc2ec0dc1ba8f465189eb264f9c4
                                          • Instruction Fuzzy Hash: 56F0E93566521CBBCF01AF60DC0AC9E7F65EF05720B004056FC1916260DE714E30FB91
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Alloc
                                          • String ID: FlsAlloc
                                          • API String ID: 2773662609-671089009
                                          • Opcode ID: ff5143a7bb8b8252bebca7f2422663db3717dab021136746786c9ee99f4541e0
                                          • Instruction ID: f6ec56f04837f9bfcfaba6b580bc69dc87e63b2509571c577377b7b91ddfacd6
                                          • Opcode Fuzzy Hash: ff5143a7bb8b8252bebca7f2422663db3717dab021136746786c9ee99f4541e0
                                          • Instruction Fuzzy Hash: 18E05C74B762287B9A11BB509C0586DBB54CF56710B810157FC0517280DD740E2097D9
                                          APIs
                                          • try_get_function.LIBVCRUNTIME ref: 002832AF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: try_get_function
                                          • String ID: FlsAlloc
                                          • API String ID: 2742660187-671089009
                                          • Opcode ID: 827cd451f8155a1b760c35bd9fa546e3c24c9db6a8c23462b108147b0043f725
                                          • Instruction ID: bf72243145f368cbee70b336f24548a4948a52907a4aae8cf74e4502ad98adee
                                          • Opcode Fuzzy Hash: 827cd451f8155a1b760c35bd9fa546e3c24c9db6a8c23462b108147b0043f725
                                          • Instruction Fuzzy Hash: 05D02B267916346AD91232C06C039AE7E088B03FB5F450153FF0C1A182C56549300BD5
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027E20B
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID: 3So
                                          • API String ID: 1269201914-1105799393
                                          • Opcode ID: 271ea6147b730c0e1191c3acfaef8dc364b85f70be3b07b3cdf5e07af5c17e18
                                          • Instruction ID: a63c282822fe0c194adc80eb28caabbd448bbfea19d209fff77cc239fefbcb82
                                          • Opcode Fuzzy Hash: 271ea6147b730c0e1191c3acfaef8dc364b85f70be3b07b3cdf5e07af5c17e18
                                          • Instruction Fuzzy Hash: FBB0129127E001BD360C11007F06D36032CC8C1B50330C11FF50ED4081D9D04C394433
                                          APIs
                                            • Part of subcall function 0028AF1B: GetOEMCP.KERNEL32(00000000,?,?,0028B1A5,?), ref: 0028AF46
                                          • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0028B1EA,?,00000000), ref: 0028B3C4
                                          • GetCPInfo.KERNEL32(00000000,0028B1EA,?,?,?,0028B1EA,?,00000000), ref: 0028B3D7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: CodeInfoPageValid
                                          • String ID:
                                          • API String ID: 546120528-0
                                          • Opcode ID: 41b200219c5fb81a10dbb21af3dca365f750b6d2c5234ff13e8c8728ab5cccf3
                                          • Instruction ID: 770bedb7fc09f08fe241fc5c85c18758160d1bc58802804a57716ea729d2358a
                                          • Opcode Fuzzy Hash: 41b200219c5fb81a10dbb21af3dca365f750b6d2c5234ff13e8c8728ab5cccf3
                                          • Instruction Fuzzy Hash: 30517978D212069EDB22EF75C8926BBBBE4EF45310F18806ED086876D3D7359955CF80
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00261385
                                            • Part of subcall function 00266057: __EH_prolog.LIBCMT ref: 0026605C
                                            • Part of subcall function 0026C827: __EH_prolog.LIBCMT ref: 0026C82C
                                            • Part of subcall function 0026C827: new.LIBCMT ref: 0026C86F
                                            • Part of subcall function 0026C827: new.LIBCMT ref: 0026C893
                                          • new.LIBCMT ref: 002613FE
                                            • Part of subcall function 0026B07D: __EH_prolog.LIBCMT ref: 0026B082
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: 1dd46c9f0c9eecfadf3d1ed542d5bccea4beca5c5d19e69f322601fa0bda076a
                                          • Instruction ID: cd86a926c9c583631eb4c6fd5df0c25516d2f44e4226d17449fa3676b76ab1b1
                                          • Opcode Fuzzy Hash: 1dd46c9f0c9eecfadf3d1ed542d5bccea4beca5c5d19e69f322601fa0bda076a
                                          • Instruction Fuzzy Hash: 2C4137B0815B409ED724DF7984869E7FBE5FF18300F544A6ED5EE83282DB3265A4CB11
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00261385
                                            • Part of subcall function 00266057: __EH_prolog.LIBCMT ref: 0026605C
                                            • Part of subcall function 0026C827: __EH_prolog.LIBCMT ref: 0026C82C
                                            • Part of subcall function 0026C827: new.LIBCMT ref: 0026C86F
                                            • Part of subcall function 0026C827: new.LIBCMT ref: 0026C893
                                          • new.LIBCMT ref: 002613FE
                                            • Part of subcall function 0026B07D: __EH_prolog.LIBCMT ref: 0026B082
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: 465a8765a01dc63c9725c805f419ff65c1eff7232c861209791fa78238911d54
                                          • Instruction ID: 1253faa35363f14454e9f4e98cbe676628495f301a88b70d87d8cea7f3d1cfbe
                                          • Opcode Fuzzy Hash: 465a8765a01dc63c9725c805f419ff65c1eff7232c861209791fa78238911d54
                                          • Instruction Fuzzy Hash: AC4134B0815B409EE724DF7984869E7FBE5FF18300F544A6ED5EE83282DB3265A4CB11
                                          APIs
                                          • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00269EDC,?,?,00267867), ref: 002697A6
                                          • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00269EDC,?,?,00267867), ref: 002697DB
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 2c9e162f9b3f92e6dd535169d10fef3181cfd86721600124fb0d59532d7fd677
                                          • Instruction ID: eb8eb02c03b54fe7c3cb4f8b07793e87eb83ecab52abb7940ed0019d0cd7aee8
                                          • Opcode Fuzzy Hash: 2c9e162f9b3f92e6dd535169d10fef3181cfd86721600124fb0d59532d7fd677
                                          • Instruction Fuzzy Hash: 3F2123B0420749AFE7318F24CC85BA7B7ECEB49764F00492EF1E582191C7B4ACD99B61
                                          APIs
                                          • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00267547,?,?,?,?), ref: 00269D7C
                                          • SetFileTime.KERNELBASE(?,?,?,?), ref: 00269E2C
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: File$BuffersFlushTime
                                          • String ID:
                                          • API String ID: 1392018926-0
                                          • Opcode ID: 332e723c782d9dddf87626abf9464d5fd03d7387a8fbe4522aac63b7a7d50043
                                          • Instruction ID: 321176de8aceabd9cc0ec0c59287642cde65f46da50f326a3ba51cc61406f94e
                                          • Opcode Fuzzy Hash: 332e723c782d9dddf87626abf9464d5fd03d7387a8fbe4522aac63b7a7d50043
                                          • Instruction Fuzzy Hash: 5221F631168246AFC710EF25C491AABBBECAF51708F04482DB4C083141DB39DA9CCB91
                                          APIs
                                          • GetProcAddress.KERNEL32(00000000,00293958), ref: 0028A4B8
                                          • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 0028A4C5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AddressProc__crt_fast_encode_pointer
                                          • String ID:
                                          • API String ID: 2279764990-0
                                          • Opcode ID: 21abc6148a8bd4bf04e111c838bbde408aa99f41c6b044800414d99d66a71726
                                          • Instruction ID: c5922d71e0b3e99681c702c1fc15b45d0aceaa51b9a0fcf924aa35bba1ba673c
                                          • Opcode Fuzzy Hash: 21abc6148a8bd4bf04e111c838bbde408aa99f41c6b044800414d99d66a71726
                                          • Instruction Fuzzy Hash: B8110A3B6321215BBF21EE28FC4885A7395AB847247164122FD15AB294EE70EC61C7D2
                                          APIs
                                          • SetFilePointer.KERNELBASE(?,?,?,?,-00001964,?,00000800,-00001964,00269B35,?,?,00000000,?,?,00268D9C,?), ref: 00269BC0
                                          • GetLastError.KERNEL32 ref: 00269BCD
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ErrorFileLastPointer
                                          • String ID:
                                          • API String ID: 2976181284-0
                                          • Opcode ID: 2dd9514d16292a483fd49235b80832325f42612dc5ec11ba727d52494cc4c416
                                          • Instruction ID: 6d4b1e3dc4050d523f7d76ce2bfc125b33d777d371882236de56fd4fbca0f879
                                          • Opcode Fuzzy Hash: 2dd9514d16292a483fd49235b80832325f42612dc5ec11ba727d52494cc4c416
                                          • Instruction Fuzzy Hash: 6C01E1322242069B8B08CE29BC8496AB39DEFC1325B14452EE81287280CE719CD99A20
                                          APIs
                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00269E76
                                          • GetLastError.KERNEL32 ref: 00269E82
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ErrorFileLastPointer
                                          • String ID:
                                          • API String ID: 2976181284-0
                                          • Opcode ID: 6c5cd014cd2fbd72e99f4d5d568c488829616b17e4ae26b2f2f2334291c6c436
                                          • Instruction ID: 11dcf5477eb542615957f100e870fc0f7c1bf2d42eda29e22e8d87f5c713c2ea
                                          • Opcode Fuzzy Hash: 6c5cd014cd2fbd72e99f4d5d568c488829616b17e4ae26b2f2f2334291c6c436
                                          • Instruction Fuzzy Hash: B7019E757242015FEB34DE29DC88B6BB6DD9B88314F14493FB146C3690DE72ECD88A10
                                          APIs
                                          • _free.LIBCMT ref: 00288627
                                            • Part of subcall function 00288518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0028C13D,00000000,?,002867E2,?,00000008,?,002889AD,?,?,?), ref: 0028854A
                                          • HeapReAlloc.KERNEL32(00000000,?,?,?,?,002A0F50,0026CE57,?,?,?,?,?,?), ref: 00288663
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Heap$AllocAllocate_free
                                          • String ID:
                                          • API String ID: 2447670028-0
                                          • Opcode ID: 8acd4269bd1e09840b97020a60af56dc4096cf080f43a7bd3461706e9fd89232
                                          • Instruction ID: aad212ce0bc21e46be3c3eb27c370f83c44ab196b5a3c7ab757ef9949cbdbf8d
                                          • Opcode Fuzzy Hash: 8acd4269bd1e09840b97020a60af56dc4096cf080f43a7bd3461706e9fd89232
                                          • Instruction Fuzzy Hash: C6F0C23E573126A6CB213E21AC04E6B275C9F927B0FA88116F824961D5FF30CC305BA5
                                          APIs
                                          • GetCurrentProcess.KERNEL32(?,?), ref: 00270915
                                          • GetProcessAffinityMask.KERNEL32(00000000), ref: 0027091C
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Process$AffinityCurrentMask
                                          • String ID:
                                          • API String ID: 1231390398-0
                                          • Opcode ID: e4925b2d607b61f6f092912a9f81d431aaf4bd3e4b6be13c20e8373722558df8
                                          • Instruction ID: c21ca1520c8f4f3c27942b88d73445ce8cf5a7e59316c0a6c34053907e81cb8b
                                          • Opcode Fuzzy Hash: e4925b2d607b61f6f092912a9f81d431aaf4bd3e4b6be13c20e8373722558df8
                                          • Instruction Fuzzy Hash: C0E09B36A20106EB6F05CEA49C445FB739DDB04710710817ABA0ED3101F570DD158660
                                          APIs
                                          • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0026A27A,?,?,?,0026A113,?,00000001,00000000,?,?), ref: 0026A458
                                          • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0026A27A,?,?,?,0026A113,?,00000001,00000000,?,?), ref: 0026A489
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: be59509793e2a8e43edb218c2d1072e4a2a62d78e1dc409d54f217970d9c88cf
                                          • Instruction ID: 964b1a0cdaaad164b13192395d0e7b35ed2aefe5d1d7f6080e203ad440141e94
                                          • Opcode Fuzzy Hash: be59509793e2a8e43edb218c2d1072e4a2a62d78e1dc409d54f217970d9c88cf
                                          • Instruction Fuzzy Hash: 98F0303125020D7BDF129F61DC45FE9776CBB04385F448051BC8896161DB769EF8AE51
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ItemText_swprintf
                                          • String ID:
                                          • API String ID: 3011073432-0
                                          • Opcode ID: 02b72b1ccc45eb1e29e5e4cd9015ffb5a5201fd063367ae9038c09f31aa890a8
                                          • Instruction ID: cae335de33ed0ad8ad303d674c23828f803058376394cda21570bde802836caf
                                          • Opcode Fuzzy Hash: 02b72b1ccc45eb1e29e5e4cd9015ffb5a5201fd063367ae9038c09f31aa890a8
                                          • Instruction Fuzzy Hash: 78F0EC7296034C7BDB11BB709C07FAD375C9B09745F044595B608570A2DD716E704B61
                                          APIs
                                          • DeleteFileW.KERNELBASE(?,?,?,0026984C,?,?,00269688,?,?,?,?,00291FA1,000000FF), ref: 0026A13E
                                          • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,0026984C,?,?,00269688,?,?,?,?,00291FA1,000000FF), ref: 0026A16C
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          APIs
                                          • GdiplusShutdown.GDIPLUS(?,?,?,?,00291FA1,000000FF), ref: 0027A3D1
                                          • OleUninitialize.OLE32(?,?,?,?,00291FA1,000000FF), ref: 0027A3D6
                                          Similarity
                                          • API ID: GdiplusShutdownUninitialize
                                          • String ID:
                                          • API String ID: 3856339756-0
                                          APIs
                                          • GetFileAttributesW.KERNELBASE(?,?,?,0026A189,?,002676B2,?,?,?,?), ref: 0026A1A5
                                          • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0026A189,?,002676B2,?,?,?,?), ref: 0026A1D1
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          APIs
                                          • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 002700A0
                                          • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0026EB86,Crypt32.dll,00000000,0026EC0A,?,?,0026EBEC,?,?,?), ref: 002700C2
                                          Similarity
                                          • API ID: DirectoryLibraryLoadSystem
                                          • String ID:
                                          • API String ID: 1175261203-0
                                          APIs
                                          • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00279B30
                                          • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00279B37
                                          Similarity
                                          • API ID: BitmapCreateFromGdipStream
                                          • String ID:
                                          • API String ID: 1918208029-0
                                          APIs
                                            • Part of subcall function 0028329A: try_get_function.LIBVCRUNTIME ref: 002832AF
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0028217A
                                          • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00282185
                                          Similarity
                                          • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                          • String ID:
                                          • API String ID: 806969131-0
                                          APIs
                                          • DloadLock.DELAYIMP ref: 0027DC73
                                          • DloadProtectSection.DELAYIMP ref: 0027DC8F
                                            • Part of subcall function 0027DE67: DloadObtainSection.DELAYIMP ref: 0027DE77
                                          Similarity
                                          • API ID: Dload$Section$LockObtainProtect
                                          • String ID:
                                          • API String ID: 731663317-0
                                          APIs
                                          Similarity
                                          • API ID: ItemShowWindow
                                          • String ID:
                                          • API String ID: 3351165006-0
                                          APIs
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00268384
                                            • Part of subcall function 00261380: __EH_prolog.LIBCMT ref: 00261385
                                            • Part of subcall function 00261380: new.LIBCMT ref: 002613FE
                                            • Part of subcall function 002619A6: __EH_prolog.LIBCMT ref: 002619AB
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00261E05
                                            • Part of subcall function 00263B3D: __EH_prolog.LIBCMT ref: 00263B42
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 0027A7C8
                                            • Part of subcall function 00261380: __EH_prolog.LIBCMT ref: 00261385
                                            • Part of subcall function 00261380: new.LIBCMT ref: 002613FE
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: 81bf507f821144d85e84b51bea1df0fd245bcd9fbd0d82b70ff749f5cd1511db
                                          • Instruction ID: 805e178eb71f684bd242d5be992a74a5c39d084562b9381bc291937aad93318b
                                          • Opcode Fuzzy Hash: 81bf507f821144d85e84b51bea1df0fd245bcd9fbd0d82b70ff749f5cd1511db
                                          • Instruction Fuzzy Hash: B11182739205299BCF22BEA8CC419EDB739AF88750F154155F805A7351DA348DB18AA0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dae87922ec1b8facf4cbd1f95d3770f60e2097a5265b52e6532e4d2d30c47c6e
                                          • Instruction ID: 36bebe2fb72c454e105a7dbd7224996eae5ecfbb2436cead719d63ee81142588
                                          • Opcode Fuzzy Hash: dae87922ec1b8facf4cbd1f95d3770f60e2097a5265b52e6532e4d2d30c47c6e
                                          • Instruction Fuzzy Hash: E2F081305217069FDB30DEA4C941616B7F8EB15320F20891BD496D3680E770DCE0CF92
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00265BDC
                                            • Part of subcall function 0026B07D: __EH_prolog.LIBCMT ref: 0026B082
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: ee080efe7007955c38b4b6caff3df9016150d1ae2212fe5e149da665a966b881
                                          • Instruction ID: 780177779df2bb4f351cf762f3b4ecddf455716a60d9641246bfc720baba001f
                                          • Opcode Fuzzy Hash: ee080efe7007955c38b4b6caff3df9016150d1ae2212fe5e149da665a966b881
                                          • Instruction Fuzzy Hash: 5E016D30A25694DACB25F7A4D1553DDFBA49F19700F40819DE86A53283CBB41B58CA62
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0028C13D,00000000,?,002867E2,?,00000008,?,002889AD,?,?,?), ref: 0028854A
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: f81b26e474efd518ae3a43886561e66aaec2008517aed19fa3964544a6ae963e
                                          • Instruction ID: aaa86f735c2e6740e802a37a0eedab9d2cc0a29c31606ceb4efcc8f56c4f17ed
                                          • Opcode Fuzzy Hash: f81b26e474efd518ae3a43886561e66aaec2008517aed19fa3964544a6ae963e
                                          • Instruction Fuzzy Hash: 11E0A0695731625AEB213A695C05B5A67CC9B413B0FD64210AC18A20C1CE68DC204BA5
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,0026968F,?,?,?,?,00291FA1,000000FF), ref: 002696EB
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: 827382a05cb3014245cbc3142b8b8f9cf45f9cb558419cde3f50a0356c611269
                                          • Instruction ID: 06a0b35bc6b59c16737197262a176ed149a0607e078374635dd834e300b0ac0b
                                          • Opcode Fuzzy Hash: 827382a05cb3014245cbc3142b8b8f9cf45f9cb558419cde3f50a0356c611269
                                          • Instruction Fuzzy Hash: 8CF05E70566B068FDB318E24D589792B7EC9B12735F088B1E90E7538A0DB7168ED8F00
                                          APIs
                                          • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0026A4F5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: CloseFind
                                          • String ID:
                                          • API String ID: 1863332320-0
                                          • Opcode ID: c0c6420279e86c3ba55375948fedd03d9bdc37ac9bf13e999ff12d46ba779c70
                                          • Instruction ID: a572e6438948693a54d3b069cfd1ee153df3c571b30530bf569f90bddf92cd10
                                          • Opcode Fuzzy Hash: c0c6420279e86c3ba55375948fedd03d9bdc37ac9bf13e999ff12d46ba779c70
                                          • Instruction Fuzzy Hash: 86F0E931429380AACB225B7848047C7BB90AF06331F04CA49F1FD22195C2B414E59F23
                                          APIs
                                          • SetThreadExecutionState.KERNEL32(00000001), ref: 002706B1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ExecutionStateThread
                                          • String ID:
                                          • API String ID: 2211380416-0
                                          • Opcode ID: 3a21879c325969a50ab84b1d5efda6f7a955e645dba13a2591d6a47d2a1572db
                                          • Instruction ID: f60dc69b81d047b5dbaa265f65d992d61e860748b2381b59f37daf23c5653c39
                                          • Opcode Fuzzy Hash: 3a21879c325969a50ab84b1d5efda6f7a955e645dba13a2591d6a47d2a1572db
                                          • Instruction Fuzzy Hash: 8FD02B247340106AC6313778B88EBFE1A0A0FC3710F08406AB40D675838F670CFA4AE2
                                          APIs
                                          • GdipAlloc.GDIPLUS(00000010), ref: 00279D81
                                            • Part of subcall function 00279B0F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00279B30
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Gdip$AllocBitmapCreateFromStream
                                          • String ID:
                                          • API String ID: 1915507550-0
                                          • Opcode ID: 4cf3c4e169e0f80c123d24ade4c43f63bdfd109b4bf71df52acedaf40aa9962d
                                          • Instruction ID: 70696f9c0434a67cc9a147d190becbc68b66617550f603034a2d414e8894a7a0
                                          • Opcode Fuzzy Hash: 4cf3c4e169e0f80c123d24ade4c43f63bdfd109b4bf71df52acedaf40aa9962d
                                          • Instruction Fuzzy Hash: 3BD09E306783096A9F51BA659C0296A7AA9EB04350F10C165BC0C86151E971DA70AA61
                                          APIs
                                          • GetFileType.KERNELBASE(000000FF,00269887), ref: 00269995
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: FileType
                                          • String ID:
                                          • API String ID: 3081899298-0
                                          • Opcode ID: 6f326cf22875cda1a471ff79c4750a76b353806878ed3039c62bffeb5ceb3875
                                          • Instruction ID: 4162b171e29ee5115b11d5e6c07b291231b9c2db5176cd4f9e3729ff7639c8c8
                                          • Opcode Fuzzy Hash: 6f326cf22875cda1a471ff79c4750a76b353806878ed3039c62bffeb5ceb3875
                                          • Instruction Fuzzy Hash: 77D01231032182958F258E345D090997755DB83366B3CC6A8D025C40A1DB33C8D3F541
                                          APIs
                                          • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 0027D43F
                                            • Part of subcall function 0027AC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0027AC85
                                            • Part of subcall function 0027AC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0027AC96
                                            • Part of subcall function 0027AC74: IsDialogMessageW.USER32(00010452,?), ref: 0027ACAA
                                            • Part of subcall function 0027AC74: TranslateMessage.USER32(?), ref: 0027ACB8
                                            • Part of subcall function 0027AC74: DispatchMessageW.USER32(?), ref: 0027ACC2
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Message$DialogDispatchItemPeekSendTranslate
                                          • String ID:
                                          • API String ID: 897784432-0
                                          • Opcode ID: 9a9f8e361adfcca6545080fdffeeee28f043e6ba9a59ba0dab154c2f970a2abe
                                          • Instruction ID: c9bb256d3d06b5b122eb96b8128df2d62be81883488719e6a36c499e5a41aaf9
                                          • Opcode Fuzzy Hash: 9a9f8e361adfcca6545080fdffeeee28f043e6ba9a59ba0dab154c2f970a2abe
                                          • Instruction Fuzzy Hash: 4ED09E31154300BBDA162B51DE06F0F7AE6AB88B04F004554B348740B28AB29D30AF16
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: d88b6130f628bd37d215eb84a5f7d7d64693caa1df1c2791d81b0645ed93f204
                                          • Instruction ID: a42ef3496fc45d8bb31e32269de433230244a5f2c1e52c4ef8e3efebc8fd9db1
                                          • Opcode Fuzzy Hash: d88b6130f628bd37d215eb84a5f7d7d64693caa1df1c2791d81b0645ed93f204
                                          • Instruction Fuzzy Hash: 6BB012D527C101AC310861047D46E3B022CDCC1B11330C11EF00ED01C1DCD05C390933
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: cc3ac605646146f1d962506833c3f204b23a31e99025cfbd2943b473989a7fe9
                                          • Instruction ID: 7229b9e4720cf19cbfd9624ec101f9d0825dfbf3bad2f01543bda197483bd198
                                          • Opcode Fuzzy Hash: cc3ac605646146f1d962506833c3f204b23a31e99025cfbd2943b473989a7fe9
                                          • Instruction Fuzzy Hash: 21B0129127C101AC310861047D06E36022CCCC2B11330C12FF40ED02C1D8D05C3E0833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: b211066204447d23227e81db0013784748cb8654ab287ecd37a039bb031bfa52
                                          • Instruction ID: ea04b7fecf5e814258ba02d1bdb3c4b1b6f2296a9bbd390e9fa23a4e1e04bb52
                                          • Opcode Fuzzy Hash: b211066204447d23227e81db0013784748cb8654ab287ecd37a039bb031bfa52
                                          • Instruction Fuzzy Hash: FAB09295278201AC250821006956D3A0228C881B11320862EF00EA0081D8905C694832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: de9b83b1b03ed68e8e702d20b1038ec30c654eab387eae53ffcb3a546ca6c21f
                                          • Instruction ID: ac353051e2b414f7e2b8abb26ef22d43c05ed5ee402fc091788b153d791afc8b
                                          • Opcode Fuzzy Hash: de9b83b1b03ed68e8e702d20b1038ec30c654eab387eae53ffcb3a546ca6c21f
                                          • Instruction Fuzzy Hash: D0B012A127C101AC314861047D06F36022CCCC1B11330C21EF00ED01C1D8D05C790833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 6999824445cfd543e1ebd272b5b89e6ae196ddee4566e8e306aee9c039323cd3
                                          • Instruction ID: 42eb9fe707815a2d5fff88de1a70f1aeb1f0f09504c98b0fe699f9c6a3e5191a
                                          • Opcode Fuzzy Hash: 6999824445cfd543e1ebd272b5b89e6ae196ddee4566e8e306aee9c039323cd3
                                          • Instruction Fuzzy Hash: F3B012A127C001AC310C61057E06F36022CCCC1B11330C11EF00ED01C1D8D05D3A0833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 0d081b43858a9749b4f0dc99d25acb1da3a761c48bd465a3cd1eef145754c117
                                          • Instruction ID: c11937ceb49e58839bca960022d83c8d7c6efba5944b24aebe3e46c54f68d319
                                          • Opcode Fuzzy Hash: 0d081b43858a9749b4f0dc99d25acb1da3a761c48bd465a3cd1eef145754c117
                                          • Instruction Fuzzy Hash: F8B012A127C001AC310C61057D06F36022CCCC1B11330C11EF00ED01C1DCD05C390833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 8d5a49fcb4bf370eca73c09001f1accbe84766b3bad18f9270849d5fa697fd51
                                          • Instruction ID: 43dac74c7e98cde2ffd011a498eb0888b666fad7f5e7a72b15fe46d7f8bdf662
                                          • Opcode Fuzzy Hash: 8d5a49fcb4bf370eca73c09001f1accbe84766b3bad18f9270849d5fa697fd51
                                          • Instruction Fuzzy Hash: 52B0129127C101AC314861047D06E36022CCCC1B11330C22EF00ED02C1D8D05CBE0833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 4f3489481de239608d3f462df1dbd0f194089820ed114f749910b2eb5c0132ef
                                          • Instruction ID: 78e7c314a92ccde7e4b9b23e414e3f4bb3e4c599bac49f7e1ccdc9a09f6fe7c8
                                          • Opcode Fuzzy Hash: 4f3489481de239608d3f462df1dbd0f194089820ed114f749910b2eb5c0132ef
                                          • Instruction Fuzzy Hash: 9EB0129127C001AC310C61057E06E36022CCCC1B11330C12EF00ED02C1D8E05C3F1833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 8b5cf946c39b706149c2b5604e9388a7ba4b832e54b0de8da1fa22315bb6441a
                                          • Instruction ID: 1afdc8b0f2369ddf36d756a066ef7a634c6d9c7bae6363d46eef2bcab67f8faf
                                          • Opcode Fuzzy Hash: 8b5cf946c39b706149c2b5604e9388a7ba4b832e54b0de8da1fa22315bb6441a
                                          • Instruction Fuzzy Hash: 45B012A227C101AC310861047D06F36022CCCC2B11330C11EF40ED01C1D8D05C390833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 73945b2cf8544fb6efe123b894538df8fefd533ff16bcbebf21f5314487c05e3
                                          • Instruction ID: 4f4f787054b6ca6736ff30dd9d339ac7d8268dc3b8dbcff05c1b9da8d406d25d
                                          • Opcode Fuzzy Hash: 73945b2cf8544fb6efe123b894538df8fefd533ff16bcbebf21f5314487c05e3
                                          • Instruction Fuzzy Hash: 7DB0129127D401AC350861047E06E36026DCCC1B11330C11EF00ED01C1DCD05C390833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 8719201a53d5818d34aedab6dd9617b79d21170d00cec0975c85fe756e5d5f30
                                          • Instruction ID: 35909b5846d3490f5a33d4e4c2153ba477bbb3ca5fd6f10b7d16d6da0bd74138
                                          • Opcode Fuzzy Hash: 8719201a53d5818d34aedab6dd9617b79d21170d00cec0975c85fe756e5d5f30
                                          • Instruction Fuzzy Hash: 88B0129127C101AC310961147D06E36026CCCC2B11330C11EF50ED01C1D9D05C390C33
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: dbf6a803a1bc6bc2514c83259d85a35dc41748ca85e2169d9bb3d75d61498091
                                          • Instruction ID: dfd489feb7dd7dbe876a3e147614cb38e67d047a88032ed220c685ca50db9ab3
                                          • Opcode Fuzzy Hash: dbf6a803a1bc6bc2514c83259d85a35dc41748ca85e2169d9bb3d75d61498091
                                          • Instruction Fuzzy Hash: D2B012912BD101AC350861047E06E36022DCCC2B11330C11EF40ED01C1D8D05C390833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: eb0df409829bbcac42dd22d8142eb40e8de1097c9196f2e9a110555f7d318e96
                                          • Instruction ID: 100672d7c5a1f748f37e171bc0483bb9c3c2c754ace1c1cd9aed47ce5ae3e53a
                                          • Opcode Fuzzy Hash: eb0df409829bbcac42dd22d8142eb40e8de1097c9196f2e9a110555f7d318e96
                                          • Instruction Fuzzy Hash: FDB012A127D101AC354862047E06E36022DCCC1B11330C21EF00ED01C1D8D09C790833
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 5b579e5e01cdc9d2e167433f3a7d145d0ff5f52ccc8eafec38725565171a3e52
                                          • Instruction ID: d8533b1a6a49a9f3063f39aa5d8a1962aed16042ad8a15150560f8f87687ea90
                                          • Opcode Fuzzy Hash: 5b579e5e01cdc9d2e167433f3a7d145d0ff5f52ccc8eafec38725565171a3e52
                                          • Instruction Fuzzy Hash: E2B012E127C001AC310D61057E06E3602ACCCC1B11330C11EF00ED01C1D8D05C3A0C33
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DAB2
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 1bcdda18acde230e2c06a7eae6842dfa4351bef6deb742ea6216202221f57d9b
                                          • Instruction ID: d8d1957f911ad373a30a3ad05a3100cfa99c7dbc538edfba1a687bce8716dc50
                                          • Opcode Fuzzy Hash: 1bcdda18acde230e2c06a7eae6842dfa4351bef6deb742ea6216202221f57d9b
                                          • Instruction Fuzzy Hash: B6B012A627C101EC320871057E02E3A026CC8C0B10330C21FF40EC0044D8944C384832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DAB2
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 7e5cd1e02e29bdf85d2dc6afee636e8448d74aa357abc4cd7eb3f395bb01b443
                                          • Instruction ID: 35432e72a8ca65ef659522027659e7ca9d8578a3ce378ca70c546db8cf66750a
                                          • Opcode Fuzzy Hash: 7e5cd1e02e29bdf85d2dc6afee636e8448d74aa357abc4cd7eb3f395bb01b443
                                          • Instruction Fuzzy Hash: 0CB0129527C001AC320871057E02F3E026CD8C4B10330C62FF00FC0044DC904C3D4836
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DAB2
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 933895c6c7a880ac4aefd1430abf9e8b79d07b3bfe75c19a1bf04a220c27cea6
                                          • Instruction ID: e03975b5a719044169d6206f2d70d644df849bfc8110cf0dc7093fe350396bca
                                          • Opcode Fuzzy Hash: 933895c6c7a880ac4aefd1430abf9e8b79d07b3bfe75c19a1bf04a220c27cea6
                                          • Instruction Fuzzy Hash: BDB012D52BC111AC320871057E02F3A026CE8C0B10330C21FF40EC0044DC904C384932
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DBD5
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 398b3cacc54487add3287cfc7051d07045f5de6a02b25ca9f7f11194f0ef7db6
                                          • Instruction ID: 74e3a370d68bf2badc03d6b3166a1c4d7ebc0f1ddb9659be270c39737ab0c7a9
                                          • Opcode Fuzzy Hash: 398b3cacc54487add3287cfc7051d07045f5de6a02b25ca9f7f11194f0ef7db6
                                          • Instruction Fuzzy Hash: B0B09295279102AD210851042906E36023CC884B10360C51EF40EC1040D9A04C294432
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DBD5
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: bd82a4c50743a82d8222a0a2321675c36e0194c846940708ec912da636c2c4f8
                                          • Instruction ID: e23a91fb98d778ed94efb9c31db6a6db426e80c4b8d43bec2ed2c588bd3c340d
                                          • Opcode Fuzzy Hash: bd82a4c50743a82d8222a0a2321675c36e0194c846940708ec912da636c2c4f8
                                          • Instruction Fuzzy Hash: 69B09295279002AD210851042A06E36022CC884B10360C51EF10EC0040D9A04C2A4432
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DBD5
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: e0029f73674b14f427c25ea150cda9c04f7131200ed6d91b6f5a48182a53dc3c
                                          • Instruction ID: a2adf53e3d98dcb5c2a9b1b3e44e02c10e198bc5331d23ed8c6cd930e82c841e
                                          • Opcode Fuzzy Hash: e0029f73674b14f427c25ea150cda9c04f7131200ed6d91b6f5a48182a53dc3c
                                          • Instruction Fuzzy Hash: 54B09295279106AD220811002D06D36022CD880B10360862EF00E9004099A04C694432
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DBD5
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 620125c9eb69e16afc9656486d10312fa5028d658deadd0656479bb1f3a1f346
                                          • Instruction ID: 762b5e56b12c493fc32d01fe33c874577c08409cc0530b2cfe2e701ccf9839d9
                                          • Opcode Fuzzy Hash: 620125c9eb69e16afc9656486d10312fa5028d658deadd0656479bb1f3a1f346
                                          • Instruction Fuzzy Hash: AEB0129537D001AD310861143D07F36023DD8D4B10370C52FF00FD0440DDA04C3D8432
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DC36
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 62b25a36af0e2f626aa936378b70157ed8bc5f14d6596910b608fe629751ab4d
                                          • Instruction ID: f034b039257221c6193e1d7965a965227e290aa3f6b4d1b35d07afe0f3cb8476
                                          • Opcode Fuzzy Hash: 62b25a36af0e2f626aa936378b70157ed8bc5f14d6596910b608fe629751ab4d
                                          • Instruction Fuzzy Hash: DEB09295278201AD210921106A02E36023CC9C0F10320861EF10EA004299D06C685432
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DC36
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: f02cc90242c2db900491bf31b84d7796c3a25d067e955831ffc0f36e0a5a2fbb
                                          • Instruction ID: 87897fc0344bfc060253961f22fe005ecf1a3a537db9d8c65dd4617a7d685013
                                          • Opcode Fuzzy Hash: f02cc90242c2db900491bf31b84d7796c3a25d067e955831ffc0f36e0a5a2fbb
                                          • Instruction Fuzzy Hash: E5B0129527C201ED310D61147D02F37023CC8C5F10330C61FF50ED0042D9D06C384432
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DC36
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 50d2fa9d355b69572e0c6cfdf2d55a3f97662bcfec388081a9e5848634fad461
                                          • Instruction ID: 91edd5eef05059612989d2be802024cd6dd6716cbd2048904632826e5ac4b2d7
                                          • Opcode Fuzzy Hash: 50d2fa9d355b69572e0c6cfdf2d55a3f97662bcfec388081a9e5848634fad461
                                          • Instruction Fuzzy Hash: C5B09295278201AD310961146902E36023CC8C0F10320861FF10ED0042D9D06C284432
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 8f1c4c17b94d0f00f2cdf61d63bdbd923634b8e4e17150cf368625a16419e1c8
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: 8f1c4c17b94d0f00f2cdf61d63bdbd923634b8e4e17150cf368625a16419e1c8
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 277258be910182c2cb5a83bbf7a8de8684498fe73a984455ed08e005456e4a0b
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: 277258be910182c2cb5a83bbf7a8de8684498fe73a984455ed08e005456e4a0b
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: a66bd282d304aecd00b5221b577af5dee013983b50b25f3698306df505190f24
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: a66bd282d304aecd00b5221b577af5dee013983b50b25f3698306df505190f24
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 7183cb7dd32faea90aa0642c8803a809454178d220a79eef92229a61927e1a34
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: 7183cb7dd32faea90aa0642c8803a809454178d220a79eef92229a61927e1a34
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 8c26822f885de9f063fc5688eec1b1505d7b94a291b42546ddf53b0ba4f8ad37
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: 8c26822f885de9f063fc5688eec1b1505d7b94a291b42546ddf53b0ba4f8ad37
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: da35090970b6d1760d6efadaf72e5e1e5fe348dbeedfaf84cf3a5a9fb95e62ca
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: da35090970b6d1760d6efadaf72e5e1e5fe348dbeedfaf84cf3a5a9fb95e62ca
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: ba5e3c5c61715d9ba4db222de073aec6798b80492db6bb13c3d1afb2ebb02152
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: ba5e3c5c61715d9ba4db222de073aec6798b80492db6bb13c3d1afb2ebb02152
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: f65b358db6bdf1e28722a1bd7d2dd7b881115e029ee4689231d1667c9cb01799
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: f65b358db6bdf1e28722a1bd7d2dd7b881115e029ee4689231d1667c9cb01799
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: bdaa17a5ffa2dea4aead5c61c74885629e7cc363b4c93ee04cfdc9f28360c61a
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: bdaa17a5ffa2dea4aead5c61c74885629e7cc363b4c93ee04cfdc9f28360c61a
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 91ec1fcf691f18699e1de766da779274679171572fb737ef07d0258b34605297
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: 91ec1fcf691f18699e1de766da779274679171572fb737ef07d0258b34605297
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027D8A3
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: b998eb766a8e19e688ae7fb82ee5ef2123e14e4cd7f0e7f276ee3f97b7b07fee
                                          • Instruction ID: 0b09a9c9a7994d6dce8cfea4622f7bf04e48bbcf4f5b535804ecdd95fd10f182
                                          • Opcode Fuzzy Hash: b998eb766a8e19e688ae7fb82ee5ef2123e14e4cd7f0e7f276ee3f97b7b07fee
                                          • Instruction Fuzzy Hash: F5A001A66BD512BC35196251BE5AD3A062CCCC6B62330C91EF44FA45C1E9A0686A5832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DAB2
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          • Opcode ID: 41873603552c1ee7434a7a435fac5673df721f2f59079f11d09c5a9607baf4f6
                                          • Instruction ID: 46aaa8e1ac8e78a4f63e5edfe6ad24c2498503f521ff70c66c920f6a13bb20c1
                                          • Opcode Fuzzy Hash: 41873603552c1ee7434a7a435fac5673df721f2f59079f11d09c5a9607baf4f6
                                          • Instruction Fuzzy Hash: FFA011AA2BC0023C3208B202BE02C3A022CE8C0B22330C20EF00FA0088A8A008280832
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DAB2
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DAB2
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DAB2
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DAB2
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DAB2
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DBD5
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DBD5
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DBD5
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DBD5
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DC36
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0027DC36
                                            • Part of subcall function 0027DF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0027DFD6
                                            • Part of subcall function 0027DF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0027DFE7
                                          Similarity
                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                          • String ID:
                                          • API String ID: 1269201914-0
                                          APIs
                                          • SetEndOfFile.KERNELBASE(?,00269104,?,?,-00001964), ref: 00269EC2
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: File
                                          • String ID:
                                          • API String ID: 749574446-0
                                          • Opcode ID: 274bad9e16e10fba1290ce33652e94bc1891a69c4f56be78ebfc43324428f0f6
                                          • Instruction ID: 2de52f567a80e379c520c1c254a5403acb8dd057229e1d06497564c1bf8284b8
                                          • Opcode Fuzzy Hash: 274bad9e16e10fba1290ce33652e94bc1891a69c4f56be78ebfc43324428f0f6
                                          • Instruction Fuzzy Hash: 8CB011320A000A8A8E002B30EC088283A20EA2230A30082A0A002CA0A0CB22C022AA00
                                          APIs
                                          • SetCurrentDirectoryW.KERNELBASE(?,0027A587,C:\Users\user\Desktop,00000000,002A946A,00000006), ref: 0027A326
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: CurrentDirectory
                                          • String ID:
                                          • API String ID: 1611563598-0
                                          • Opcode ID: 59b8dc7383bd875321e8b63b79e487af97990005285287eb996e12e8866e03d2
                                          • Instruction ID: 9e0c42d7720e8ad78f9623a2f6c5c924de191f81a83aa8285e0acc4870bdf4c9
                                          • Opcode Fuzzy Hash: 59b8dc7383bd875321e8b63b79e487af97990005285287eb996e12e8866e03d2
                                          • Instruction Fuzzy Hash: 54A01230194006568E004B30DC0DC1576505760702F0086227006C00B0CB308C14A500
                                          APIs
                                            • Part of subcall function 0026130B: GetDlgItem.USER32(00000000,00003021), ref: 0026134F
                                            • Part of subcall function 0026130B: SetWindowTextW.USER32(00000000,002935B4), ref: 00261365
                                          • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0027B971
                                          • EndDialog.USER32(?,00000006), ref: 0027B984
                                          • GetDlgItem.USER32(?,0000006C), ref: 0027B9A0
                                          • SetFocus.USER32(00000000), ref: 0027B9A7
                                          • SetDlgItemTextW.USER32(?,00000065,?), ref: 0027B9E1
                                          • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0027BA18
                                          • FindFirstFileW.KERNEL32(?,?), ref: 0027BA2E
                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0027BA4C
                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0027BA5C
                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0027BA78
                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0027BA94
                                          • _swprintf.LIBCMT ref: 0027BAC4
                                            • Part of subcall function 0026400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0026401D
                                          • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0027BAD7
                                          • FindClose.KERNEL32(00000000), ref: 0027BADE
                                          • _swprintf.LIBCMT ref: 0027BB37
                                          • SetDlgItemTextW.USER32(?,00000068,?), ref: 0027BB4A
                                          • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0027BB67
                                          • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0027BB87
                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0027BB97
                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0027BBB1
                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0027BBC9
                                          • _swprintf.LIBCMT ref: 0027BBF5
                                          • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0027BC08
                                          • _swprintf.LIBCMT ref: 0027BC5C
                                          • SetDlgItemTextW.USER32(?,00000069,?), ref: 0027BC6F
                                            • Part of subcall function 0027A63C: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0027A662
                                            • Part of subcall function 0027A63C: GetNumberFormatW.KERNEL32(00000400,00000000,?,0029E600,?,?), ref: 0027A6B1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                          • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                          • API String ID: 797121971-1840816070
                                          • Opcode ID: 67c29cce59dca10f6ead297b5c90d84c7e0a7d5883d493da4a7186a94b1e6c40
                                          • Instruction ID: 20240411d7b0a38236ba3bebae56df14ddda8a9cb3f64e146857a134f455cd28
                                          • Opcode Fuzzy Hash: 67c29cce59dca10f6ead297b5c90d84c7e0a7d5883d493da4a7186a94b1e6c40
                                          • Instruction Fuzzy Hash: DE91B272258349BFD621DBA0DC4DFFB77ACEB4A704F04481AB74DD2091DB71AA148B62
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00267191
                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 002672F1
                                          • CloseHandle.KERNEL32(00000000), ref: 00267301
                                            • Part of subcall function 00267BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00267C04
                                            • Part of subcall function 00267BF5: GetLastError.KERNEL32 ref: 00267C4A
                                            • Part of subcall function 00267BF5: CloseHandle.KERNEL32(?), ref: 00267C59
                                          • CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 0026730C
                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 0026741A
                                          • DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000008,00000000,00000000,?,00000000), ref: 00267446
                                          • CloseHandle.KERNEL32(?), ref: 00267457
                                          • GetLastError.KERNEL32 ref: 00267467
                                          • RemoveDirectoryW.KERNEL32(?), ref: 002674B3
                                          • DeleteFileW.KERNEL32(?), ref: 002674DB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                          • API String ID: 3935142422-3508440684
                                          • Opcode ID: cd07d24127a8121fd9e00dd9605ac3889e70528d34a620db11c279d855856059
                                          • Instruction ID: 465b8d8f29d7d38b76a82102fcc249a09b3d86846d14ff47890cda4511c89821
                                          • Opcode Fuzzy Hash: cd07d24127a8121fd9e00dd9605ac3889e70528d34a620db11c279d855856059
                                          • Instruction Fuzzy Hash: 64B1F671924215ABDF20DF64EC45BEE7778AF04704F044199F949E7181DB34AAA9CF60
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: H_prolog_memcmp
                                          • String ID: CMT$h%u$hc%u
                                          • API String ID: 3004599000-3282847064
                                          • Opcode ID: 9599b3d41d73525500449ad1887fee4bb7d5e98a0c00fa547e959a8f2e26da97
                                          • Instruction ID: 01459504faa684b10299c9e56e0b1d58edaac3df1e55c3286d4e370fa4f3deb1
                                          • Opcode Fuzzy Hash: 9599b3d41d73525500449ad1887fee4bb7d5e98a0c00fa547e959a8f2e26da97
                                          • Instruction Fuzzy Hash: FF32A4715242859FDF14DF74C895AEA37E5AF55300F04447EFD8A8B282DB70AAA8CF60
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: __floor_pentium4
                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                          • API String ID: 4168288129-2761157908
                                          • Opcode ID: 5a2291ac6b9399828d85d3259913a41ea199bce8b017390d83baa0b85817c7a9
                                          • Instruction ID: c9b351d6e6b0d4adb7f6cf77409791742634e2c1d533bd7b413a28f43eb54d3f
                                          • Opcode Fuzzy Hash: 5a2291ac6b9399828d85d3259913a41ea199bce8b017390d83baa0b85817c7a9
                                          • Instruction Fuzzy Hash: 67C26C75E2A6298FDF24EE28DD407E9B3B5EB44304F1541EAD80DE7280E774AE958F40
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 002627F1
                                          • _strlen.LIBCMT ref: 00262D7F
                                            • Part of subcall function 0027137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0026B652,00000000,?,?,?,00010452), ref: 00271396
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00262EE0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                          • String ID: CMT
                                          • API String ID: 1706572503-2756464174
                                          • Opcode ID: 3de93753968a477f98e0ebd5b322418901265dd9cd8fb64115419a689a1e1e17
                                          • Instruction ID: c9cbdfcceb3a1a9d96cc19c6f8b5dc5b256ae0dbf176722c122b690a58d9903f
                                          • Opcode Fuzzy Hash: 3de93753968a477f98e0ebd5b322418901265dd9cd8fb64115419a689a1e1e17
                                          • Instruction Fuzzy Hash: F7623571520685CFDF18DF34C8856EA3BE1EF54300F15457EEC9A9B282DB70A9A9CB60
                                          APIs
                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00288767
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00288771
                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0028877E
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                          • String ID:
                                          • API String ID: 3906539128-0
                                          • Opcode ID: f0c1ede195153a279a7e0c48cbba1eb3dd76df0ae8fd15f3ffc0449c118dc859
                                          • Instruction ID: d84449c58f79a910ebb8fbae392588a03edea85b75952235df275efe6f631f99
                                          • Opcode Fuzzy Hash: f0c1ede195153a279a7e0c48cbba1eb3dd76df0ae8fd15f3ffc0449c118dc859
                                          • Instruction Fuzzy Hash: 8931D6759112299BCB61DF24DD88B8CBBB8BF08310F5041EAE90CA7290EB349F958F44
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .
                                          • API String ID: 0-248832578
                                          • Opcode ID: ad130e737bd1afc10a3ad52208f630ae2249aadad17627b9a891320bcd23000f
                                          • Instruction ID: f008a4ef9ab3195b238332ee4595297f47c4c453bf7b7bc630a2eaa018f57768
                                          • Opcode Fuzzy Hash: ad130e737bd1afc10a3ad52208f630ae2249aadad17627b9a891320bcd23000f
                                          • Instruction Fuzzy Hash: B131057981120A6FEB24EE78CC84EFB7BBEDB85314F0401AAF51997291EA309D55CB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          APIs
                                          • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0027A662
                                          • GetNumberFormatW.KERNEL32(00000400,00000000,?,0029E600,?,?), ref: 0027A6B1
                                          Similarity
                                          • API ID: FormatInfoLocaleNumber
                                          • String ID:
                                          • API String ID: 2169056816-0
                                          APIs
                                          • GetLastError.KERNEL32(0027117C,?,00000200), ref: 00266EC9
                                          • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00266EEA
                                          Similarity
                                          • API ID: ErrorFormatLastMessage
                                          • String ID:
                                          • API String ID: 3479602957-0
                                          APIs
                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0029118F,?,?,00000008,?,?,00290E2F,00000000), ref: 002913C1
                                          Similarity
                                          • API ID: ExceptionRaise
                                          • String ID:
                                          • API String ID: 3997070919-0
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: gj
                                          • API String ID: 0-4203073231
                                          APIs
                                          • GetVersionExW.KERNEL32(?), ref: 0026AD1A
                                          Similarity
                                          • API ID: Version
                                          • String ID:
                                          • API String ID: 1889659487-0
                                          APIs
                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0001F070,0027EAC5), ref: 0027F068
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled
                                          • String ID:
                                          • API String ID: 3192549508-0
                                          APIs
                                          Similarity
                                          • API ID: HeapProcess
                                          • String ID:
                                          • API String ID: 54951025-0
                                          • Opcode ID: 148615ab466af01fd4da41aae19165e0216cd7869593bca42662b8b5495fb48e
                                          • Instruction ID: 78c7cd10fd04ac37602317262da7615618c90fc309da401da02223876ce3987a
                                          • Opcode Fuzzy Hash: 148615ab466af01fd4da41aae19165e0216cd7869593bca42662b8b5495fb48e
                                          • Instruction Fuzzy Hash: 9CA001B46012418B9740CF76BA0E6093AADAA46695719826AA509C6171EA2485609F01
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8a6e4fef8a49dcc930715721b7d4fffbd12b6467634e9eef11ded152ea66fbae
                                          • Instruction ID: 5f9fd3766e39bed677715e1cab69388983289b27c530492b3be2b1ef83da342b
                                          • Opcode Fuzzy Hash: 8a6e4fef8a49dcc930715721b7d4fffbd12b6467634e9eef11ded152ea66fbae
                                          • Instruction Fuzzy Hash: CA621731624B858FCB29CF38C8946B9BBE1AF55304F08C56DD8AE8B742D774E965CB10
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 575a8806441ce9a72c04ae9113137d22797e0c306676329538b0a0bf3ae15e30
                                          • Instruction ID: 69fcafeee8226bf11610cebd1d91c385ce13040bf3d48f87a394581749824a1f
                                          • Opcode Fuzzy Hash: 575a8806441ce9a72c04ae9113137d22797e0c306676329538b0a0bf3ae15e30
                                          • Instruction Fuzzy Hash: 206213706287869FC719CF28C8906B9FBE1BF55308F14C66DD9AA87742D730E965CB80
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5448180e84c52624f7729a892eb382d9b2428a7fa06f80140d36ae3f2e7eaf5
                                          • Instruction ID: 17095d1d6903ceaf6affc7c87b8107af0d1908ba8030497e4e925fb166bf2dfb
                                          • Opcode Fuzzy Hash: d5448180e84c52624f7729a892eb382d9b2428a7fa06f80140d36ae3f2e7eaf5
                                          • Instruction Fuzzy Hash: 71524B726187018FC718CF19C891A6AF7E1FFCC304F498A2DE9859B245D734EA19CB86
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 17866be0ab458d1b9e7ce6092f5549755b40dd3e0fa0b6bb5c6061b2986b8b8e
                                          • Instruction ID: cd70f54e4955ea1eaa70dfef8396bf5aaffaba3712ab2e6bb026f43c6a772749
                                          • Opcode Fuzzy Hash: 17866be0ab458d1b9e7ce6092f5549755b40dd3e0fa0b6bb5c6061b2986b8b8e
                                          • Instruction Fuzzy Hash: CB12E6B1624B068FC728CF28C8D47B9B7E0FB55308F14892ED59BC7A81D774A8A5CB45
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f55faad0b2ba0a3330763efcc059673c3474f75b74fad4728d756f4c97647daa
                                          • Instruction ID: b6d337735b01dcd100fea8c11b282926843c61da1fd5562c11eb21a41a9af7fb
                                          • Opcode Fuzzy Hash: f55faad0b2ba0a3330763efcc059673c3474f75b74fad4728d756f4c97647daa
                                          • Instruction Fuzzy Hash: B0F1AC716283018FC718EF28C484A6ABBE5EFC9314F648A2EF4D597351D730E9A58F52
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: H_prolog
                                          • String ID:
                                          • API String ID: 3519838083-0
                                          • Opcode ID: f1e0d6464ba3c3f5f7776ce64e081966dca76f80a01a59f5b24d891cd7b57949
                                          • Instruction ID: 13027833bf4fabc60554494c0f2387647b5d866757fa93bb5f08723edac2b2bf
                                          • Opcode Fuzzy Hash: f1e0d6464ba3c3f5f7776ce64e081966dca76f80a01a59f5b24d891cd7b57949
                                          • Instruction Fuzzy Hash: 39D12CB1A147428FDB14CF28C88875BBBE4FF55308F08856DE9489B642D734ED68CB96
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                          • Instruction ID: 3c6bb9db827f06fbf7cfb99bf92d640eec6f5ec2f0f376f62f71dc10cf0f1adc
                                          • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                          • Instruction Fuzzy Hash: AFC1B63A2261530ADFAD9A3985B443FFAA15AA17B131A076DD4B3CB1D4FE10D53CDB20
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f1e4acb664876439683a844f7e4e8b0217e40e4dda3d760f72b3a9083de118ed
                                          • Instruction ID: 53fd985840fb8d2707a1287ba564782e2452f4b2b7238e5150220d2836e92290
                                          • Opcode Fuzzy Hash: f1e4acb664876439683a844f7e4e8b0217e40e4dda3d760f72b3a9083de118ed
                                          • Instruction Fuzzy Hash: B4E136745183948FC304CF29E89496BBBF1AF8A300F89095EF9D587352C735EA19DB62
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4b6a3d46f10441a3051e9d0d7f9b8667803012905bf4d198d95ae77b69715ff4
                                          • Instruction ID: 5f12bd9662b13b39aec4f0d92a8cf281281076831afd0bb4377d6e49430b400b
                                          • Opcode Fuzzy Hash: 4b6a3d46f10441a3051e9d0d7f9b8667803012905bf4d198d95ae77b69715ff4
                                          • Instruction Fuzzy Hash: 5C918E702243498BD725EF64C8D1BBEB3D5FB80304F10892DE59B97282DB749764EB42
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ce0f6c0436bc9080f0c01ca9e6a539402e5722a03f18cd0fefc91404fda0550
                                          • Instruction ID: 800766a297d4c2268adbe2b469baa03ecc929167906ccde2fb8be12ff391f885
                                          • Opcode Fuzzy Hash: 7ce0f6c0436bc9080f0c01ca9e6a539402e5722a03f18cd0fefc91404fda0550
                                          • Instruction Fuzzy Hash: 29617A7D6B270B97DE3CBD288865BBF2388EB01704F14061AE882DF2C1D551EE718759
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2fa2980f550074fd9d5fffc8fceb723f20dffd391df208c388f2810114909e4d
                                          • Instruction ID: 9c094eadc2b46017a14732386ca954b3654bdea1d017ff15705f44a15c48fa9c
                                          • Opcode Fuzzy Hash: 2fa2980f550074fd9d5fffc8fceb723f20dffd391df208c388f2810114909e4d
                                          • Instruction Fuzzy Hash: C07140717243464BDB34DE28C8C1BAD77E4AF90304F00892DE5CE8B682DB749AD59B52
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d25a7c413b64cc1c4dee81fed1a27e24b1c019bc61537549567cd7e8aefb3c1
                                          • Instruction ID: ca41463cdba247afb107f65c96aedde273a6e6a026935af6fffc8cebc3981619
                                          • Opcode Fuzzy Hash: 1d25a7c413b64cc1c4dee81fed1a27e24b1c019bc61537549567cd7e8aefb3c1
                                          • Instruction Fuzzy Hash: AB51757C633A8757DB34BD288C55BBFA7899B13300F18050AE982DB2C2C354DD318756
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 23b00c05cd085263c028c622e48b1cc33983ef3b79d1044695b748fcbbf3e398
                                          • Instruction ID: 7a1e1854108fbfaff32db7b84bf70d60363438a1032bbf185d782091f23aa55f
                                          • Opcode Fuzzy Hash: 23b00c05cd085263c028c622e48b1cc33983ef3b79d1044695b748fcbbf3e398
                                          • Instruction Fuzzy Hash: 1381618162D6E49FCB164F7D3CA82F63FA15733340F1D40AAC4C5862A3C97649A8E721
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a6e0fef79bc8c5ad96c4410e352f2b23a43c767b1b7a649024e0c8287241a8d6
                                          • Instruction ID: 3b717774c04648191bd3c0bbf2d54c8732cc2f8e251cbca0f6803ee302a3225f
                                          • Opcode Fuzzy Hash: a6e0fef79bc8c5ad96c4410e352f2b23a43c767b1b7a649024e0c8287241a8d6
                                          • Instruction Fuzzy Hash: 7E51D0385093D24FCB12CF24918446FBFE1BEDA314F5A48AEE4D54B212D330DA99CB92
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4bd0afa224b27a4e60fedaaf2f9aa986394cefc9e6230ec8f6f954d658392924
                                          • Instruction ID: 50963b29f73b6e00f8abbc37780fb6a19f0fd8f2b4dc39a424a237d91dd6a9c4
                                          • Opcode Fuzzy Hash: 4bd0afa224b27a4e60fedaaf2f9aa986394cefc9e6230ec8f6f954d658392924
                                          • Instruction Fuzzy Hash: DA512771A083118BC748CF19D48055AF7E1FF88354F058A2EE899A7741D734E959CB9A
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
                                          • Instruction ID: 89ec14d271c94b6e8d28b74d696b4d8178f71d9da385dda60fef5869303e5bbd
                                          • Opcode Fuzzy Hash: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
                                          • Instruction Fuzzy Hash: 0F31A4B16247468FC714DE28C85126EFBE0FB95300F14892DE499D7742C735EA6ACF92
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          APIs
                                          • _swprintf.LIBCMT ref: 0026DABE
                                            • Part of subcall function 0026400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0026401D
                                            • Part of subcall function 00271596: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,002A0EE8,00000200,0026D202,00000000,?,00000050,002A0EE8), ref: 002715B3
                                          • _strlen.LIBCMT ref: 0026DADF
                                          • SetDlgItemTextW.USER32(?,0029E154,?), ref: 0026DB3F
                                          • GetWindowRect.USER32(?,?), ref: 0026DB79
                                          • GetClientRect.USER32(?,?), ref: 0026DB85
                                          • GetWindowLongW.USER32(?,000000F0), ref: 0026DC25
                                          • GetWindowRect.USER32(?,?), ref: 0026DC52
                                          • SetWindowTextW.USER32(?,?), ref: 0026DC95
                                          • GetSystemMetrics.USER32(00000008), ref: 0026DC9D
                                          • GetWindow.USER32(?,00000005), ref: 0026DCA8
                                          • GetWindowRect.USER32(00000000,?), ref: 0026DCD5
                                          • GetWindow.USER32(00000000,00000002), ref: 0026DD47
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                          • String ID: $%s:$CAPTION$T)$d
                                          • API String ID: 2407758923-4047969145
                                          APIs
                                          • ___free_lconv_mon.LIBCMT ref: 0028C277
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BE2F
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BE41
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BE53
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BE65
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BE77
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BE89
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BE9B
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BEAD
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BEBF
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BED1
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BEE3
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BEF5
                                            • Part of subcall function 0028BE12: _free.LIBCMT ref: 0028BF07
                                          • _free.LIBCMT ref: 0028C26C
                                            • Part of subcall function 002884DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958), ref: 002884F4
                                            • Part of subcall function 002884DE: GetLastError.KERNEL32(00293958,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958,00293958), ref: 00288506
                                          • _free.LIBCMT ref: 0028C28E
                                          • _free.LIBCMT ref: 0028C2A3
                                          • _free.LIBCMT ref: 0028C2AE
                                          • _free.LIBCMT ref: 0028C2D0
                                          • _free.LIBCMT ref: 0028C2E3
                                          • _free.LIBCMT ref: 0028C2F1
                                          • _free.LIBCMT ref: 0028C2FC
                                          • _free.LIBCMT ref: 0028C334
                                          • _free.LIBCMT ref: 0028C33B
                                          • _free.LIBCMT ref: 0028C358
                                          • _free.LIBCMT ref: 0028C370
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                          • String ID: P)
                                          • API String ID: 161543041-2918619148
                                          APIs
                                          • GetWindow.USER32(?,00000005), ref: 0027CD51
                                          • GetClassNameW.USER32(00000000,?,00000800), ref: 0027CD7D
                                            • Part of subcall function 002717AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0026BB05,00000000,.exe,?,?,00000800,?,?,002785DF,?), ref: 002717C2
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 0027CD99
                                          • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0027CDB0
                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 0027CDC4
                                          • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0027CDED
                                          • DeleteObject.GDI32(00000000), ref: 0027CDF4
                                          • GetWindow.USER32(00000000,00000002), ref: 0027CDFD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                          • String ID: STATIC
                                          • API String ID: 3820355801-1882779555
                                          APIs
                                          • _free.LIBCMT ref: 00288EC5
                                            • Part of subcall function 002884DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958), ref: 002884F4
                                            • Part of subcall function 002884DE: GetLastError.KERNEL32(00293958,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958,00293958), ref: 00288506
                                          • _free.LIBCMT ref: 00288ED1
                                          • _free.LIBCMT ref: 00288EDC
                                          • _free.LIBCMT ref: 00288EE7
                                          • _free.LIBCMT ref: 00288EF2
                                          • _free.LIBCMT ref: 00288EFD
                                          • _free.LIBCMT ref: 00288F08
                                          • _free.LIBCMT ref: 00288F13
                                          • _free.LIBCMT ref: 00288F1E
                                          • _free.LIBCMT ref: 00288F2C
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: ;%u$x%u$xc%u
                                          • API String ID: 0-2277559157
                                          APIs
                                            • Part of subcall function 0026130B: GetDlgItem.USER32(00000000,00003021), ref: 0026134F
                                            • Part of subcall function 0026130B: SetWindowTextW.USER32(00000000,002935B4), ref: 00261365
                                          • EndDialog.USER32(?,00000001), ref: 0027AD20
                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 0027AD47
                                          • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0027AD60
                                          • SetWindowTextW.USER32(?,?), ref: 0027AD71
                                          • GetDlgItem.USER32(?,00000065), ref: 0027AD7A
                                          • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0027AD8E
                                          • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0027ADA4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: MessageSend$Item$TextWindow$Dialog
                                          • String ID: LICENSEDLG
                                          • API String ID: 3214253823-2177901306
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00269448
                                          • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 0026946B
                                          • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 0026948A
                                            • Part of subcall function 002717AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0026BB05,00000000,.exe,?,?,00000800,?,?,002785DF,?), ref: 002717C2
                                          • _swprintf.LIBCMT ref: 00269526
                                            • Part of subcall function 0026400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0026401D
                                          • MoveFileW.KERNEL32(?,?), ref: 00269595
                                          • MoveFileW.KERNEL32(?,?), ref: 002695D5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                          • String ID: rtmp%d
                                          • API String ID: 2111052971-3303766350
                                          APIs
                                          • GetLastError.KERNEL32(?,002A0EE8,00283E14,002A0EE8,?,?,00283713,00000050,?,002A0EE8,00000200), ref: 00288FA9
                                          • _free.LIBCMT ref: 00288FDC
                                          • _free.LIBCMT ref: 00289004
                                          • SetLastError.KERNEL32(00000000,?,002A0EE8,00000200), ref: 00289011
                                          • SetLastError.KERNEL32(00000000,?,002A0EE8,00000200), ref: 0028901D
                                          • _abort.LIBCMT ref: 00289023
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ErrorLast$_free$_abort
                                          • String ID: X)
                                          • API String ID: 3160817290-2642858957
                                          APIs
                                          • __aulldiv.LIBCMT ref: 00270A9D
                                            • Part of subcall function 0026ACF5: GetVersionExW.KERNEL32(?), ref: 0026AD1A
                                          • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00270AC0
                                          • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00270AD2
                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00270AE3
                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00270AF3
                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00270B03
                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00270B3D
                                          • __aullrem.LIBCMT ref: 00270BCB
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                          • String ID:
                                          • API String ID: 1247370737-0
                                          • Opcode ID: 9487686e94739daa3779727161c1519546f2c5b40ac3c4c2cb2d8d1a6617230c
                                          • Instruction ID: 466cbd507d0e83232904b72ab8df028ec4e3d70de4c501235a23871c82be7654
                                          • Opcode Fuzzy Hash: 9487686e94739daa3779727161c1519546f2c5b40ac3c4c2cb2d8d1a6617230c
                                          • Instruction Fuzzy Hash: 344119B1408306DFC710DF65C88496BF7F8FB88718F008A2EF59692650E775E659CB61
                                          APIs
                                          • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,0028F5A2,?,00000000,?,00000000,00000000), ref: 0028EE6F
                                          • __fassign.LIBCMT ref: 0028EEEA
                                          • __fassign.LIBCMT ref: 0028EF05
                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 0028EF2B
                                          • WriteFile.KERNEL32(?,?,00000000,0028F5A2,00000000,?,?,?,?,?,?,?,?,?,0028F5A2,?), ref: 0028EF4A
                                          • WriteFile.KERNEL32(?,?,00000001,0028F5A2,00000000,?,?,?,?,?,?,?,?,?,0028F5A2,?), ref: 0028EF83
                                          Similarity
                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                          • String ID:
                                          • API String ID: 1324828854-0
                                          • Opcode ID: 6638186eb184a7b8990e421170e479c9c40087a46dac06b8d5070bd3da86cd17
                                          • Instruction ID: 47e55987becfb0246ac7c1107d23f5f3921b562109d376b7aa6e914efc15c875
                                          • Opcode Fuzzy Hash: 6638186eb184a7b8990e421170e479c9c40087a46dac06b8d5070bd3da86cd17
                                          • Instruction Fuzzy Hash: 51512674A112099FDF10DFA8DC85AEEBBF9EF19310F15411AE915E72D1E730A960CB60
                                          APIs
                                          • GetTempPathW.KERNEL32(00000800,?), ref: 0027C54A
                                          • _swprintf.LIBCMT ref: 0027C57E
                                            • Part of subcall function 0026400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0026401D
                                          • SetDlgItemTextW.USER32(?,00000066,002A946A), ref: 0027C59E
                                          • _wcschr.LIBVCRUNTIME ref: 0027C5D1
                                          • EndDialog.USER32(?,00000001), ref: 0027C6B2
                                          Strings
                                          Similarity
                                          • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
                                          • String ID: %s%s%u
                                          • API String ID: 2892007947-1360425832
                                          • Opcode ID: 387a0c466f7b98a7b365da18f033d66f3b18efbf896730bb96aa689603c68b82
                                          • Instruction ID: aedbc61ccb0bf70c8fb8298ebf63f77e9d6772faccc31a58781414b433b07232
                                          • Opcode Fuzzy Hash: 387a0c466f7b98a7b365da18f033d66f3b18efbf896730bb96aa689603c68b82
                                          • Instruction Fuzzy Hash: A341B371920618AADF26DFA0DC85EDA77BCEF49705F1080A6E50DE6060EB719BD4CF50
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00278F38
                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00278F59
                                          Strings
                                          Similarity
                                          • API ID: AllocByteCharGlobalMultiWide
                                          • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                          • API String ID: 3286310052-4209811716
                                          • Opcode ID: fdcc4556970507e2fa31e928b6deedf5d4dad079e8ac6a4b4c38024afc8c8865
                                          • Instruction ID: c861e454fa0a39d8d1cf729d431542be8e59a2fe2a546f30d754f3baa22267fa
                                          • Opcode Fuzzy Hash: fdcc4556970507e2fa31e928b6deedf5d4dad079e8ac6a4b4c38024afc8c8865
                                          • Instruction Fuzzy Hash: 21319D355683027BDB20BF309C4AFAF7758DF42720F50801AF809961D2EF749A2987A2
                                          APIs
                                          • ShowWindow.USER32(?,00000000), ref: 0027964E
                                          • GetWindowRect.USER32(?,00000000), ref: 00279693
                                          • ShowWindow.USER32(?,00000005,00000000), ref: 0027972A
                                          • SetWindowTextW.USER32(?,00000000), ref: 00279732
                                          • ShowWindow.USER32(00000000,00000005), ref: 00279748
                                          Strings
                                          Similarity
                                          • API ID: Window$Show$RectText
                                          • String ID: RarHtmlClassName
                                          • API String ID: 3937224194-1658105358
                                          • Opcode ID: 808aee0b1569a66bd0772eddbdb797f8a6efae4e5cc3397d798aedf41032218d
                                          • Instruction ID: 1c90f3ae0043a5dadb854bab7dcd078bfdebea30c7085d1744356f62ee5f85eb
                                          • Opcode Fuzzy Hash: 808aee0b1569a66bd0772eddbdb797f8a6efae4e5cc3397d798aedf41032218d
                                          • Instruction Fuzzy Hash: 1631AE71014310EFDB119F64AC4CF6BBBA8EB48701F048559FA4DAA262CB74D9A9CF61
                                          APIs
                                            • Part of subcall function 0028BF79: _free.LIBCMT ref: 0028BFA2
                                          • _free.LIBCMT ref: 0028C003
                                            • Part of subcall function 002884DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958), ref: 002884F4
                                            • Part of subcall function 002884DE: GetLastError.KERNEL32(00293958,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958,00293958), ref: 00288506
                                          • _free.LIBCMT ref: 0028C00E
                                          • _free.LIBCMT ref: 0028C019
                                          • _free.LIBCMT ref: 0028C06D
                                          • _free.LIBCMT ref: 0028C078
                                          • _free.LIBCMT ref: 0028C083
                                          • _free.LIBCMT ref: 0028C08E
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
                                          • Instruction ID: 6cdaa5e9cc407d5cefc390ece10bd1ef5db3f8816950aa94ff9497b49f092a20
                                          • Opcode Fuzzy Hash: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
                                          • Instruction Fuzzy Hash: 14113076552B44F6D621BBB0CC07FCBB79D6F10700F408819B29966CD2DB65F9248F94
                                          APIs
                                          • GetLastError.KERNEL32(?,?,002820C1,0027FB12), ref: 002820D8
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 002820E6
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 002820FF
                                          • SetLastError.KERNEL32(00000000,?,002820C1,0027FB12), ref: 00282151
                                          Similarity
                                          • API ID: ErrorLastValue___vcrt_
                                          • String ID:
                                          • API String ID: 3852720340-0
                                          • Opcode ID: 2a5160f13044be1ef5e0b2131a239ffe3f73f8759b714eedd0159d99b49d518a
                                          • Instruction ID: add928016de3b40b9dcf4dbc417d5f68be44048003ecc36f0a6b3d4f810a3ebe
                                          • Opcode Fuzzy Hash: 2a5160f13044be1ef5e0b2131a239ffe3f73f8759b714eedd0159d99b49d518a
                                          • Instruction Fuzzy Hash: B901D83A13B312EEAA547FB5BC8D5262A4CEB21B70732062BF224550E2EE514C259B44
                                          APIs
                                          • GetLastError.KERNEL32(?,002A0EE8,00000200,0028895F,002858FE,?,?,?,?,0026D25E,?,02FB3708,00000063,00000004,0026CFE0,?), ref: 0028902E
                                          • _free.LIBCMT ref: 00289063
                                          • _free.LIBCMT ref: 0028908A
                                          • SetLastError.KERNEL32(00000000,00293958,00000050,002A0EE8), ref: 00289097
                                          • SetLastError.KERNEL32(00000000,00293958,00000050,002A0EE8), ref: 002890A0
                                          Strings
                                          Similarity
                                          • API ID: ErrorLast$_free
                                          • String ID: X)
                                          • API String ID: 3170660625-2642858957
                                          • Opcode ID: 01ab540c16dcf5b0ecf3113c0eb1538d2607d970c98b871eb36acfe701f8c762
                                          • Instruction ID: 640af9a48bc1839fc2b150321a211e731a32e998d777dbfe8c23cff9840339c8
                                          • Opcode Fuzzy Hash: 01ab540c16dcf5b0ecf3113c0eb1538d2607d970c98b871eb36acfe701f8c762
                                          • Instruction Fuzzy Hash: CE01443E533B112A8722BB347C8993B262D9BD1372729012AF405922D2EF708CB18720
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                          • API String ID: 0-1718035505
                                          • Opcode ID: d4990ed090e93abc496187790f51547eb0208c4f82731fcfd477e490bc26eb9f
                                          • Instruction ID: 6e63b8b69a0aa7914e36a702910cb180017eb2e84cac0b6373c36edb840960ba
                                          • Opcode Fuzzy Hash: d4990ed090e93abc496187790f51547eb0208c4f82731fcfd477e490bc26eb9f
                                          • Instruction Fuzzy Hash: 8B01CD727717239B4F725F746CC96A617B49E42312320957FE609D3210EAB2C961D7A0
                                          APIs
                                          • _free.LIBCMT ref: 0028807E
                                            • Part of subcall function 002884DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958), ref: 002884F4
                                            • Part of subcall function 002884DE: GetLastError.KERNEL32(00293958,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958,00293958), ref: 00288506
                                          • _free.LIBCMT ref: 00288090
                                          • _free.LIBCMT ref: 002880A3
                                          • _free.LIBCMT ref: 002880B4
                                          • _free.LIBCMT ref: 002880C5
                                          Strings
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID: )
                                          • API String ID: 776569668-1411676355
                                          • Opcode ID: 8ded580d95c44fc663cc4cf905b3f5d7797d7bc3fb420014000e19a8f4af108d
                                          • Instruction ID: e8f745c54f7a0c00ca6fd9f44e959fc57fe0a2c867e5c5c669ac7ff731d38801
                                          • Opcode Fuzzy Hash: 8ded580d95c44fc663cc4cf905b3f5d7797d7bc3fb420014000e19a8f4af108d
                                          • Instruction Fuzzy Hash: 18F03A7E822125CB9B11BF16BC0A8153B69FB16720359460AF80497BB2EB3118719FD2
                                          APIs
                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00270D0D
                                            • Part of subcall function 0026ACF5: GetVersionExW.KERNEL32(?), ref: 0026AD1A
                                          • LocalFileTimeToFileTime.KERNEL32(?,00270CB8), ref: 00270D31
                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00270D47
                                          • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00270D56
                                          • SystemTimeToFileTime.KERNEL32(?,00270CB8), ref: 00270D64
                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00270D72
                                          Similarity
                                          • API ID: Time$File$System$Local$SpecificVersion
                                          • String ID:
                                          • API String ID: 2092733347-0
                                          • Opcode ID: 1949f823164570ee1b1390cbefa4c5c1fcadfb9b53ebb8da9bb96c75f5430e1b
                                          • Instruction ID: fdd12c51ff06d02874db94bf7f7c05047a2f08ade7cd80f47c7d46f45ffc5efc
                                          • Opcode Fuzzy Hash: 1949f823164570ee1b1390cbefa4c5c1fcadfb9b53ebb8da9bb96c75f5430e1b
                                          • Instruction Fuzzy Hash: 4D31F97A91020AEBCB10DFE5D8859EFFBBCFF58700B04456AE955E3210E730AA55CB64
                                          APIs
                                          Similarity
                                          • API ID: _memcmp
                                          • String ID:
                                          • API String ID: 2931989736-0
                                          • Opcode ID: 87eb7422adc9f78abca4122b49bc26b300a50532a7e35b30a8eb5c21aa1b81fa
                                          • Instruction ID: 59cf4a6e7c4ff89a089ffa85847814b923c3a1dcd917b7b52ffb015e161156ef
                                          • Opcode Fuzzy Hash: 87eb7422adc9f78abca4122b49bc26b300a50532a7e35b30a8eb5c21aa1b81fa
                                          • Instruction Fuzzy Hash: BB21927162420FBBDB15AF10CD82E3B77ADEB52784B10C129FC0D9B202E270EDA59790
                                          APIs
                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0027D2F2
                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0027D30C
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0027D31D
                                          • TranslateMessage.USER32(?), ref: 0027D327
                                          • DispatchMessageW.USER32(?), ref: 0027D331
                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0027D33C
                                          Similarity
                                          • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                          • String ID:
                                          • API String ID: 2148572870-0
                                          • Opcode ID: ed1d258865f215f5aa09af104522cd2f50d270e426d3bdf164e9af630581f5fe
                                          • Instruction ID: 3ade7254420960ed0ed6f24d885a1215dc90be1a75d6834004ad7a399b003e0d
                                          • Opcode Fuzzy Hash: ed1d258865f215f5aa09af104522cd2f50d270e426d3bdf164e9af630581f5fe
                                          • Instruction Fuzzy Hash: CDF0EC72A01219ABCB209FA5EC4CEDBBF7DEF52791F048012F64AD2050DA359555CBE1
                                          APIs
                                          • _wcschr.LIBVCRUNTIME ref: 0027C435
                                            • Part of subcall function 002717AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,0026BB05,00000000,.exe,?,?,00000800,?,?,002785DF,?), ref: 002717C2
                                          Strings
                                          Similarity
                                          • API ID: CompareString_wcschr
                                          • String ID: <$HIDE$MAX$MIN
                                          • API String ID: 2548945186-3358265660
                                          • Opcode ID: 06e6a2ed6f01fa050639787f3d65c1b994b8bb3d52309473a503b5f3832143c5
                                          • Instruction ID: a0c36ab2ffb61d92b3eba58da141038c0c3dd3ebd2a476e205b9227bd0a16dcb
                                          • Opcode Fuzzy Hash: 06e6a2ed6f01fa050639787f3d65c1b994b8bb3d52309473a503b5f3832143c5
                                          • Instruction Fuzzy Hash: 0431A476920619AADF25DE64DC51EEF77BCEB14300F10806AF90C92090EBB09AE48B60
                                          APIs
                                            • Part of subcall function 0026130B: GetDlgItem.USER32(00000000,00003021), ref: 0026134F
                                            • Part of subcall function 0026130B: SetWindowTextW.USER32(00000000,002935B4), ref: 00261365
                                          • EndDialog.USER32(?,00000001), ref: 0027A9DE
                                          • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0027A9F6
                                          • SetDlgItemTextW.USER32(?,00000067,?), ref: 0027AA24
                                          Strings
                                          Similarity
                                          • API ID: ItemText$DialogWindow
                                          • String ID: GETPASSWORD1$xj+
                                          • API String ID: 445417207-4119079146
                                          • Opcode ID: 0085998ec6cff8e859558ff3c783d5c003f124574ed01a9ff986d6e992040acb
                                          • Instruction ID: c4a58eecd80789d239255b73f3008047a58183d97ed7d3dda27d4633356030d8
                                          • Opcode Fuzzy Hash: 0085998ec6cff8e859558ff3c783d5c003f124574ed01a9ff986d6e992040acb
                                          • Instruction Fuzzy Hash: A3114833960119BADB219E659D09FFF373CEB89320F004012FB49B2080C6B199B5DB62
                                          APIs
                                          • LoadBitmapW.USER32(00000065), ref: 0027ADFD
                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 0027AE22
                                          • DeleteObject.GDI32(00000000), ref: 0027AE54
                                          • DeleteObject.GDI32(00000000), ref: 0027AE77
                                            • Part of subcall function 00279E1C: FindResourceW.KERNEL32(0027AE4D,PNG,?,?,?,0027AE4D,00000066), ref: 00279E2E
                                            • Part of subcall function 00279E1C: SizeofResource.KERNEL32(00000000,00000000,?,?,?,0027AE4D,00000066), ref: 00279E46
                                            • Part of subcall function 00279E1C: LoadResource.KERNEL32(00000000,?,?,?,0027AE4D,00000066), ref: 00279E59
                                            • Part of subcall function 00279E1C: LockResource.KERNEL32(00000000,?,?,?,0027AE4D,00000066), ref: 00279E64
                                          Strings
                                          Similarity
                                          • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                          • String ID: ]
                                          • API String ID: 142272564-3352871620
                                          • Opcode ID: 9ddd07da161c44e6c7ff00232d2b9864bbe4b6a5bc4923a241378bd5501b81ac
                                          • Instruction ID: 54594aa24953a64a80ef7307f1fa262e3d0d731b2a246295ea92415a50cbc7c2
                                          • Opcode Fuzzy Hash: 9ddd07da161c44e6c7ff00232d2b9864bbe4b6a5bc4923a241378bd5501b81ac
                                          • Instruction Fuzzy Hash: C601DB32550326A7C7107B64AC09E7F77799BC1B61F088026FD08A7291DF714C759AB2
                                          APIs
                                            • Part of subcall function 0026130B: GetDlgItem.USER32(00000000,00003021), ref: 0026134F
                                            • Part of subcall function 0026130B: SetWindowTextW.USER32(00000000,002935B4), ref: 00261365
                                          • EndDialog.USER32(?,00000001), ref: 0027CCDB
                                          • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0027CCF1
                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 0027CD05
                                          • SetDlgItemTextW.USER32(?,00000068), ref: 0027CD14
                                          Strings
                                          Similarity
                                          • API ID: ItemText$DialogWindow
                                          • String ID: RENAMEDLG
                                          • API String ID: 445417207-3299779563
                                          • Opcode ID: b09ef9cda360d1942b3973ae9cd5e5e97e6865b0099504d00df617ca38c95326
                                          • Instruction ID: a3d9ba493abd4b25e58c4af8d9e6d8aafa1ac1e18ef6c0950b9bb432ea4d32c3
                                          • Opcode Fuzzy Hash: b09ef9cda360d1942b3973ae9cd5e5e97e6865b0099504d00df617ca38c95326
                                          • Instruction Fuzzy Hash: 180168332A4311BBD5224F34AC0CF973B5CEB5A702F21801AF34EA20E1CAB558248B21
                                          APIs
                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 0028251A
                                            • Part of subcall function 00282B52: ___AdjustPointer.LIBCMT ref: 00282B9C
                                          • _UnwindNestedFrames.LIBCMT ref: 00282531
                                          • ___FrameUnwindToState.LIBVCRUNTIME ref: 00282543
                                          • CallCatchBlock.LIBVCRUNTIME ref: 00282567
                                          Strings
                                          Similarity
                                          • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                          • String ID: /)(
                                          • API String ID: 2633735394-3181637598
                                          • Opcode ID: 8ab29acd33a3066b3f23f97a448595ce03f4b23344991831e99f7cf6ac797a0c
                                          • Instruction ID: fcd93b6ff8c817581890ce86247d3421d0fcbca75c83798deffa0daa6a564519
                                          • Opcode Fuzzy Hash: 8ab29acd33a3066b3f23f97a448595ce03f4b23344991831e99f7cf6ac797a0c
                                          • Instruction Fuzzy Hash: 26011336011109FBCF12AF65CD01EDA3BBAEF58714F058015F91866160C376E975EFA1
                                          APIs
                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00287573,00000000,?,00287513,00000000,0029BAD8,0000000C,0028766A,00000000,00000002), ref: 002875E2
                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 002875F5
                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00287573,00000000,?,00287513,00000000,0029BAD8,0000000C,0028766A,00000000,00000002), ref: 00287618
                                          Strings
                                          Similarity
                                          • API ID: AddressFreeHandleLibraryModuleProc
                                          • String ID: CorExitProcess$mscoree.dll
                                          • API String ID: 4061214504-1276376045
                                          • Opcode ID: 5d9752dd0eb61f28672cc923fcdae36acc5b8bb614f1c4ac6db66e83a199b3c5
                                          • Instruction ID: ade9f1a6a6662abb85e33726e7011384a5dac2def22d8fcbe682c0c3599e54a3
                                          • Opcode Fuzzy Hash: 5d9752dd0eb61f28672cc923fcdae36acc5b8bb614f1c4ac6db66e83a199b3c5
                                          • Instruction Fuzzy Hash: B5F0A434A1551CBBCB11AF54EC0DB9DBFB8EF04715F10406AF805A21A0EB318E50CB54
                                          APIs
                                            • Part of subcall function 00270085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 002700A0
                                            • Part of subcall function 00270085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0026EB86,Crypt32.dll,00000000,0026EC0A,?,?,0026EBEC,?,?,?), ref: 002700C2
                                          • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0026EB92
                                          • GetProcAddress.KERNEL32(002A81C0,CryptUnprotectMemory), ref: 0026EBA2
                                          Strings
                                          Similarity
                                          • API ID: AddressProc$DirectoryLibraryLoadSystem
                                          • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                          • API String ID: 2141747552-1753850145
                                          • Opcode ID: 319d5e7336ed290a87e3c1455985210739d8fd19b199374beaa0d3a6ed7d6c4c
                                          • Instruction ID: 3f944fcdc7f2d82a3b442f467b02c6972fc186c5db85d453477f630c455f219c
                                          • Opcode Fuzzy Hash: 319d5e7336ed290a87e3c1455985210739d8fd19b199374beaa0d3a6ed7d6c4c
                                          • Instruction Fuzzy Hash: 97E04F78420741DEDF20DF38E849B42BAE4AB15714B00C81EE4D6D3180D6B5D5948B50
                                          APIs
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 7f612dca40e53f44b30baf5eca3d7f75e076e438054363687f1c5f122bdd93e6
                                          • Instruction ID: ed85a662c1735677c9d2c6b92a0f02c615073005ac71a6a8d4ef7e0d96aaa8ba
                                          • Opcode Fuzzy Hash: 7f612dca40e53f44b30baf5eca3d7f75e076e438054363687f1c5f122bdd93e6
                                          • Instruction Fuzzy Hash: 06410636A213049FDB24EF78C881A5EB7B5EF88714F6545A9E515EB381EB30ED11CB80
                                          APIs
                                          • GetEnvironmentStringsW.KERNEL32 ref: 0028B619
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0028B63C
                                            • Part of subcall function 00288518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0028C13D,00000000,?,002867E2,?,00000008,?,002889AD,?,?,?), ref: 0028854A
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0028B662
                                          • _free.LIBCMT ref: 0028B675
                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0028B684
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                          • String ID:
                                          • API String ID: 336800556-0
                                          APIs
                                            • Part of subcall function 00270A41: ResetEvent.KERNEL32(?), ref: 00270A53
                                            • Part of subcall function 00270A41: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00270A67
                                          • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 0027078F
                                          • CloseHandle.KERNEL32(?,?), ref: 002707A9
                                          • DeleteCriticalSection.KERNEL32(?), ref: 002707C2
                                          • CloseHandle.KERNEL32(?), ref: 002707CE
                                          • CloseHandle.KERNEL32(?), ref: 002707DA
                                            • Part of subcall function 0027084E: WaitForSingleObject.KERNEL32(?,000000FF,00270A78,?), ref: 00270854
                                            • Part of subcall function 0027084E: GetLastError.KERNEL32(?), ref: 00270860
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                          • String ID:
                                          • API String ID: 1868215902-0
                                          APIs
                                          • _free.LIBCMT ref: 0028BF28
                                            • Part of subcall function 002884DE: RtlFreeHeap.NTDLL(00000000,00000000,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958), ref: 002884F4
                                            • Part of subcall function 002884DE: GetLastError.KERNEL32(00293958,?,0028BFA7,00293958,00000000,00293958,00000000,?,0028BFCE,00293958,00000007,00293958,?,0028C3CB,00293958,00293958), ref: 00288506
                                          • _free.LIBCMT ref: 0028BF3A
                                          • _free.LIBCMT ref: 0028BF4C
                                          • _free.LIBCMT ref: 0028BF5E
                                          • _free.LIBCMT ref: 0028BF70
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          APIs
                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\Modrinth.exe,00000104), ref: 002876FD
                                          • _free.LIBCMT ref: 002877C8
                                          • _free.LIBCMT ref: 002877D2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: _free$FileModuleName
                                          • String ID: C:\Users\user\AppData\Local\Temp\Modrinth.exe
                                          • API String ID: 2506810119-770967033
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00267579
                                            • Part of subcall function 00263B3D: __EH_prolog.LIBCMT ref: 00263B42
                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00267640
                                            • Part of subcall function 00267BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 00267C04
                                            • Part of subcall function 00267BF5: GetLastError.KERNEL32 ref: 00267C4A
                                            • Part of subcall function 00267BF5: CloseHandle.KERNEL32(?), ref: 00267C59
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                          • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                          • API String ID: 3813983858-639343689
                                          APIs
                                            • Part of subcall function 0026130B: GetDlgItem.USER32(00000000,00003021), ref: 0026134F
                                            • Part of subcall function 0026130B: SetWindowTextW.USER32(00000000,002935B4), ref: 00261365
                                          • EndDialog.USER32(?,00000001), ref: 0027A4B8
                                          • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0027A4CD
                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 0027A4E2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ItemText$DialogWindow
                                          • String ID: ASKNEXTVOL
                                          • API String ID: 445417207-3402441367
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: __fprintf_l_strncpy
                                          • String ID: $%s$@%s
                                          • API String ID: 1857242416-834177443
                                          APIs
                                          • _swprintf.LIBCMT ref: 0026B51E
                                            • Part of subcall function 0026400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 0026401D
                                          • _wcschr.LIBVCRUNTIME ref: 0026B53C
                                          • _wcschr.LIBVCRUNTIME ref: 0026B54C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: _wcschr$__vswprintf_c_l_swprintf
                                          • String ID: %c:\
                                          • API String ID: 525462905-3142399695
                                          APIs
                                          • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0026ABC5,00000008,?,00000000,?,0026CB88,?,00000000), ref: 002706F3
                                          • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0026ABC5,00000008,?,00000000,?,0026CB88,?,00000000), ref: 002706FD
                                          • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0026ABC5,00000008,?,00000000,?,0026CB88,?,00000000), ref: 0027070D
                                          Strings
                                          • Thread pool initialization failed., xrefs: 00270725
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                          • String ID: Thread pool initialization failed.
                                          • API String ID: 3340455307-2182114853
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: RENAMEDLG$REPLACEFILEDLG
                                          • API String ID: 0-56093855
                                          APIs
                                          • SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 0027D29D
                                          • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0027D2D9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: EnvironmentVariable
                                          • String ID: sfxcmd$sfxpar
                                          • API String ID: 1431749950-3493335439
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: __alldvrm$_strrchr
                                          • String ID:
                                          • API String ID: 1036877536-0
                                          • Opcode ID: 35fd0d8be5dca6c89d1c4a519db20ace465afc24967252a61766d950e54f80d3
                                          • Instruction ID: 417fb4ab58bf86e182243ee5b12e3878a77a024f62cfc63aa7d855cbe37ae77d
                                          • Opcode Fuzzy Hash: 35fd0d8be5dca6c89d1c4a519db20ace465afc24967252a61766d950e54f80d3
                                          • Instruction Fuzzy Hash: A8A18B799223869FEB21EF58C8917BEBBE5EF55310F1C41ADE8459B2C1C2349C92C750
                                          APIs
                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,002680B7,?,?,?), ref: 0026A351
                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,002680B7,?,?), ref: 0026A395
                                          • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,002680B7,?,?,?,?,?,?,?,?), ref: 0026A416
                                          • CloseHandle.KERNEL32(?,?,00000000,?,002680B7,?,?,?,?,?,?,?,?,?,?,?), ref: 0026A41D
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: File$Create$CloseHandleTime
                                          • String ID:
                                          • API String ID: 2287278272-0
                                          • Opcode ID: 6968e8bb15b106e8a059693d1d404c807f229ccb2eed4052f6741ea1b565bdf8
                                          • Instruction ID: c563bc69b30c20b57bd6ef87902d6bbeea2ff30d3b85bf4ec43122d3eaf9f065
                                          • Opcode Fuzzy Hash: 6968e8bb15b106e8a059693d1d404c807f229ccb2eed4052f6741ea1b565bdf8
                                          • Instruction Fuzzy Hash: 5141DF30298382AAD731DF24DC55BAFBBE8AB85700F04095DF5D0E3281D6649AA8DF53
                                          APIs
                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,002889AD,?,00000000,?,00000001,?,?,00000001,002889AD,?), ref: 0028C0E6
                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0028C16F
                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,002867E2,?), ref: 0028C181
                                          • __freea.LIBCMT ref: 0028C18A
                                            • Part of subcall function 00288518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,0028C13D,00000000,?,002867E2,?,00000008,?,002889AD,?,?,?), ref: 0028854A
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                          • String ID:
                                          • API String ID: 2652629310-0
                                          • Opcode ID: af67a4af1761e90634b1e7f3bf07933cc11af164dddfb892edc39df4fb09a182
                                          • Instruction ID: 5ca4fd1dad1630323f5225189758c608351939dcdcbf69348652585e8785320d
                                          • Opcode Fuzzy Hash: af67a4af1761e90634b1e7f3bf07933cc11af164dddfb892edc39df4fb09a182
                                          • Instruction Fuzzy Hash: 6331F276A2110AABDF24EF74DC89DAE7BA5EB00710F154129FC08D7191EB35CD60CBA0
                                          APIs
                                          • GetDC.USER32(00000000), ref: 00279DBE
                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00279DCD
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00279DDB
                                          • ReleaseDC.USER32(00000000,00000000), ref: 00279DE9
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: CapsDevice$Release
                                          • String ID:
                                          • API String ID: 1035833867-0
                                          • Opcode ID: f0d657eb06c6893129bc58cbeabc83c1434b1730ff9aff467c95cd30fd36709e
                                          • Instruction ID: 0b1a5931d3d5b5428bc9db71e0da4ffb756ff34f5efbc0177da0df2e7e5ef671
                                          • Opcode Fuzzy Hash: f0d657eb06c6893129bc58cbeabc83c1434b1730ff9aff467c95cd30fd36709e
                                          • Instruction Fuzzy Hash: 6DE0EC31985722E7D3205BA4BC0DF8B3B58AB1E712F050016F60696190EE704449CB95
                                          APIs
                                          • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00282016
                                          • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0028201B
                                          • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00282020
                                            • Part of subcall function 0028310E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0028311F
                                          • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00282035
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                          • String ID:
                                          • API String ID: 1761009282-0
                                          • Opcode ID: 50341c1e121bd6f5d5b78c5b3ee2afe6a0478775b34c66270a9efbcfed992c13
                                          • Instruction ID: 546d4f2bd6e91e84a15c09b1bd62ce3305cb956f5c845db7723707366692bb70
                                          • Opcode Fuzzy Hash: 50341c1e121bd6f5d5b78c5b3ee2afe6a0478775b34c66270a9efbcfed992c13
                                          • Instruction Fuzzy Hash: FFC0023C037641D41C12BEB1221A2B907044872F94BA660C2AC84171C3DE46063E9B77
                                          APIs
                                            • Part of subcall function 00279DF1: GetDC.USER32(00000000), ref: 00279DF5
                                            • Part of subcall function 00279DF1: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00279E00
                                            • Part of subcall function 00279DF1: ReleaseDC.USER32(00000000,00000000), ref: 00279E0B
                                          • GetObjectW.GDI32(?,00000018,?), ref: 00279F8D
                                            • Part of subcall function 0027A1E5: GetDC.USER32(00000000), ref: 0027A1EE
                                            • Part of subcall function 0027A1E5: GetObjectW.GDI32(?,00000018,?), ref: 0027A21D
                                            • Part of subcall function 0027A1E5: ReleaseDC.USER32(00000000,?), ref: 0027A2B5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: ObjectRelease$CapsDevice
                                          • String ID: (
                                          • API String ID: 1061551593-3887548279
                                          • Opcode ID: 3c3200f92ea713f3465a93f9599aed8750759159ecb0ddd4e0085e65b5aed904
                                          • Instruction ID: 5466b2167ededa16f44d897b0f106592db59a63bb3718818fbcce12510092fb8
                                          • Opcode Fuzzy Hash: 3c3200f92ea713f3465a93f9599aed8750759159ecb0ddd4e0085e65b5aed904
                                          • Instruction Fuzzy Hash: 40810371618314AFD714DF68D848A2ABBE9FFC8714F00891EF98AD7260DB71AD05CB52
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: _swprintf
                                          • String ID: %ls$%s: %s
                                          • API String ID: 589789837-2259941744
                                          • Opcode ID: 59e2fa6103a970f6ca87d3e13de6df8b2c3f9eecd370e8ee3d670f3afc32e35e
                                          • Instruction ID: aa156191b6a8fdb1a3192a868e51eace275407ffc0bcdefa1efc095d6ab3ee3e
                                          • Opcode Fuzzy Hash: 59e2fa6103a970f6ca87d3e13de6df8b2c3f9eecd370e8ee3d670f3afc32e35e
                                          • Instruction Fuzzy Hash: B151D6716BC701FFEA312AA4CC82F367655AB15B00F20C906F78E648D5CAF254B86B17
                                          APIs
                                          • _free.LIBCMT ref: 0028AA84
                                            • Part of subcall function 00288849: IsProcessorFeaturePresent.KERNEL32(00000017,00288838,00000050,00293958,?,0026CFE0,00000004,002A0EE8,?,?,00288845,00000000,00000000,00000000,00000000,00000000), ref: 0028884B
                                            • Part of subcall function 00288849: GetCurrentProcess.KERNEL32(C0000417,00293958,00000050,002A0EE8), ref: 0028886D
                                            • Part of subcall function 00288849: TerminateProcess.KERNEL32(00000000), ref: 00288874
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                          • String ID: *?$.
                                          • API String ID: 2667617558-3972193922
                                          • Opcode ID: 46d45437bf881060891f947650aec9d3ba4d76883fc361421d2bb44ca5e48db8
                                          • Instruction ID: ddd0b4769748aadd0c8bf9714805b6ff4b047b060bc9643d67ae2442d02bf791
                                          • Opcode Fuzzy Hash: 46d45437bf881060891f947650aec9d3ba4d76883fc361421d2bb44ca5e48db8
                                          • Instruction Fuzzy Hash: 8251C679D1110A9FEF14EFA8C8419ADB7F5FF58310F25816AE454E7380EA319E11CB51
                                          APIs
                                          • __EH_prolog.LIBCMT ref: 00267730
                                          • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 002678CC
                                            • Part of subcall function 0026A444: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0026A27A,?,?,?,0026A113,?,00000001,00000000,?,?), ref: 0026A458
                                            • Part of subcall function 0026A444: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0026A27A,?,?,?,0026A113,?,00000001,00000000,?,?), ref: 0026A489
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID: File$Attributes$H_prologTime
                                          • String ID: :
                                          • API String ID: 1861295151-336475711
                                          • Opcode ID: b11b2eea79af7d563ba7bcc638a47285abdde123612b91656c456d998ff5c99a
                                          • Instruction ID: 77168910892282fd9cabdcaf8986e10f55c8cf48fbfaf463a2ff49294295131d
                                          • Opcode Fuzzy Hash: b11b2eea79af7d563ba7bcc638a47285abdde123612b91656c456d998ff5c99a
                                          • Instruction Fuzzy Hash: 3A417271815258AAEB21EB50ED49EEEB37CEF45304F0040EAB609A3092DB745FE4DF61
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: UNC$\\?\
                                          • API String ID: 0-253988292
                                          • Opcode ID: a2780c97c6b246708da0f4b46479f87d0f635eecafb0aac601804c87f0224130
                                          • Instruction ID: 34be35df0c715ab675dc3cf85e1d3d03c26a1ec2ef058407364b261448b2f2e1
                                          • Opcode Fuzzy Hash: a2780c97c6b246708da0f4b46479f87d0f635eecafb0aac601804c87f0224130
                                          • Instruction Fuzzy Hash: F141943646025AAACF23AF21DC45EEBBBADAF45750B104065F814D7152D771DAF0CEA0
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID: Shell.Explorer$about:blank
                                          • API String ID: 0-874089819
                                          • Opcode ID: 84ae84d402db5fdcc9c518c4876abf183cf2f6d169582b569b8abdb204971fcb
                                          • Instruction ID: 763a25c2d5a4e53d1d9c2c3db40070225680153849528853227924764372d1c2
                                          • Opcode Fuzzy Hash: 84ae84d402db5fdcc9c518c4876abf183cf2f6d169582b569b8abdb204971fcb
                                          • Instruction Fuzzy Hash: F32191716343059FCB08DF68C899A2A77A8FF48311B14C55EF80D8B282DB70EC60CB61
                                          APIs
                                          • DialogBoxParamW.USER32(GETPASSWORD1,00010452,0027A990,?,?), ref: 0027D4C5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          • Associated: 00000002.00000002.2027315505.0000000000260000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027359587.0000000000293000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.000000000029E000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002A4000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027378875.00000000002C1000.00000004.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C2000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002C8000.00000002.00000001.01000000.00000005.sdmp
                                          • Associated: 00000002.00000002.2027467495.00000000002ED000.00000002.00000001.01000000.00000005.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: DialogParam
                                          • String ID: GETPASSWORD1$xj+
                                          • API String ID: 665744214-4119079146
                                          • Opcode ID: 07996a3cba491674db54d99012e281a8d6b5932535572f3329067f3c1fefde49
                                          • Instruction ID: 9ddccd8bc99e29645e9bb5b48e1814f312f368cb6eb4b130c19a499c70d3a5c4
                                          • Opcode Fuzzy Hash: 07996a3cba491674db54d99012e281a8d6b5932535572f3329067f3c1fefde49
                                          • Instruction Fuzzy Hash: A1113872630245ABDF22DE34EC0ABAB37A8BB0B750F148075BD4DA7181CEB06C609764
                                          APIs
                                            • Part of subcall function 0026EB73: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0026EB92
                                            • Part of subcall function 0026EB73: GetProcAddress.KERNEL32(002A81C0,CryptUnprotectMemory), ref: 0026EBA2
                                          • GetCurrentProcessId.KERNEL32(?,?,?,0026EBEC), ref: 0026EC84
                                          Strings
                                          • CryptUnprotectMemory failed, xrefs: 0026EC7C
                                          • CryptProtectMemory failed, xrefs: 0026EC3B
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: AddressProc$CurrentProcess
                                          • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                          • API String ID: 2190909847-396321323
                                          • Opcode ID: ee5bdab025bc6d8e03ab3f5b5c025ece1afe5a7fcf5e4855c15cb4504cc6fa58
                                          • Instruction ID: 9486bf4cc1d150e379cf08230708c429b477352acc701e97df303c072c9c87df
                                          • Opcode Fuzzy Hash: ee5bdab025bc6d8e03ab3f5b5c025ece1afe5a7fcf5e4855c15cb4504cc6fa58
                                          • Instruction Fuzzy Hash: 27115935A242255FDF149F34ED0AA6E3B14EF01710B06411BFC056B281CF71AEB187D0
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: _free
                                          • String ID: X)
                                          • API String ID: 269201875-2642858957
                                          • Opcode ID: c6b7e848ecd260ad5155419380e861c4b587bcf83fb1c0a9f3f2989808b7843b
                                          • Instruction ID: 07acdd487d13ff49269ac4afc40b427b1f2eda87647b16e952ce7ace8019ac90
                                          • Opcode Fuzzy Hash: c6b7e848ecd260ad5155419380e861c4b587bcf83fb1c0a9f3f2989808b7843b
                                          • Instruction Fuzzy Hash: 0711DA79A222215AEB10EF38BC46F6672946B56334F090216F921CA1D1E770D8B18781
                                          APIs
                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0027F25E
                                          • ___raise_securityfailure.LIBCMT ref: 0027F345
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: FeaturePresentProcessor___raise_securityfailure
                                          • String ID: 8,
                                          • API String ID: 3761405300-1380941716
                                          • Opcode ID: 3c94525b4e8a27a5af1520592519301693bc6965f7b37b33fbd23c0b4fbe88c3
                                          • Instruction ID: 8dfc436771421a6c0a132ba44ddfba1a6127291af7e7f1e7a1ebe02a08bdb59d
                                          • Opcode Fuzzy Hash: 3c94525b4e8a27a5af1520592519301693bc6965f7b37b33fbd23c0b4fbe88c3
                                          • Instruction Fuzzy Hash: F12120B95A0304DBDB54DF94FAC9E403BA4FB4C310F10982AE90D8B3A1E3B06990CF45
                                          APIs
                                          • CreateThread.KERNEL32(00000000,00010000,002709D0,?,00000000,00000000), ref: 002708AD
                                          • SetThreadPriority.KERNEL32(?,00000000), ref: 002708F4
                                            • Part of subcall function 00266E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00266EAF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: Thread$CreatePriority__vswprintf_c_l
                                          • String ID: CreateThread failed
                                          • API String ID: 2655393344-3849766595
                                          • Opcode ID: 790576cacb96bef071f71549870a765bb44d2ccc9838bb110561f0e66dd9a64d
                                          • Instruction ID: a3a0283a4eedd998a6e478dc68bdd54db94fab65b11db1737910b3436318c508
                                          • Opcode Fuzzy Hash: 790576cacb96bef071f71549870a765bb44d2ccc9838bb110561f0e66dd9a64d
                                          • Instruction Fuzzy Hash: 9101F9B1364306AFD634AF54FCC5F667398EB42711F10013EFA8AA6180CEB1B8659664
                                          APIs
                                            • Part of subcall function 00288FA5: GetLastError.KERNEL32(?,002A0EE8,00283E14,002A0EE8,?,?,00283713,00000050,?,002A0EE8,00000200), ref: 00288FA9
                                            • Part of subcall function 00288FA5: _free.LIBCMT ref: 00288FDC
                                            • Part of subcall function 00288FA5: SetLastError.KERNEL32(00000000,?,002A0EE8,00000200), ref: 0028901D
                                            • Part of subcall function 00288FA5: _abort.LIBCMT ref: 00289023
                                          • _abort.LIBCMT ref: 0028B2E0
                                          • _free.LIBCMT ref: 0028B314
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: ErrorLast_abort_free
                                          • String ID: )
                                          • API String ID: 289325740-1411676355
                                          • Opcode ID: 07fdcac69fe7f36b0bf5a259e5ec7d2fb6391cdcf17f51faa2fb83ba69a94f34
                                          • Instruction ID: 838475978872605322c399a2911f1f4af5908e53eb572c7db9bebf6e2ebc6229
                                          • Opcode Fuzzy Hash: 07fdcac69fe7f36b0bf5a259e5ec7d2fb6391cdcf17f51faa2fb83ba69a94f34
                                          • Instruction Fuzzy Hash: 7F018479D32622DBCB26FF59980126DB364BF18B21B5A414EF824676C1CB307D618FD1
                                          APIs
                                            • Part of subcall function 0026DA98: _swprintf.LIBCMT ref: 0026DABE
                                            • Part of subcall function 0026DA98: _strlen.LIBCMT ref: 0026DADF
                                            • Part of subcall function 0026DA98: SetDlgItemTextW.USER32(?,0029E154,?), ref: 0026DB3F
                                            • Part of subcall function 0026DA98: GetWindowRect.USER32(?,?), ref: 0026DB79
                                            • Part of subcall function 0026DA98: GetClientRect.USER32(?,?), ref: 0026DB85
                                          • GetDlgItem.USER32(00000000,00003021), ref: 0026134F
                                          • SetWindowTextW.USER32(00000000,002935B4), ref: 00261365
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                          • String ID: 0
                                          • API String ID: 2622349952-4108050209
                                          • Opcode ID: e0cb98363d2981e7a65a6bb46d1238d79ab7e366d521501ef458733d6cac43da
                                          • Instruction ID: 7da49abd9cd56eebea19bf6a5a156f253f7380acc61b73e76baabee5d4e1836e
                                          • Opcode Fuzzy Hash: e0cb98363d2981e7a65a6bb46d1238d79ab7e366d521501ef458733d6cac43da
                                          • Instruction Fuzzy Hash: 2FF08C7012428DABDF254F60980DBEA3B98BF15305F0C8094FD4A546B1CBB4D9F5AA54
                                          APIs
                                          • WaitForSingleObject.KERNEL32(?,000000FF,00270A78,?), ref: 00270854
                                          • GetLastError.KERNEL32(?), ref: 00270860
                                            • Part of subcall function 00266E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00266EAF
                                          Strings
                                          • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00270869
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                          • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                          • API String ID: 1091760877-2248577382
                                          • Opcode ID: e5d82450cb9c7fb19500dfeefb11859a2744e66fa70c3a9925c6c1323b34e1ae
                                          • Instruction ID: 02357af44435393edde986e70053b3aedab5be011c5d615f6575778caf235da8
                                          • Opcode Fuzzy Hash: e5d82450cb9c7fb19500dfeefb11859a2744e66fa70c3a9925c6c1323b34e1ae
                                          • Instruction Fuzzy Hash: F4D05E31A2802167CA203764AC0EEAF79099F53730F204719F63DA51F5DE3209B186D6
                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000,?,0026D32F,?), ref: 0026DA53
                                          • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0026D32F,?), ref: 0026DA61
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.2027330194.0000000000261000.00000020.00000001.01000000.00000005.sdmp, Offset: 00260000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_260000_Modrinth.jbxd
                                          Similarity
                                          • API ID: FindHandleModuleResource
                                          • String ID: RTL
                                          • API String ID: 3537982541-834975271
                                          • Opcode ID: 0a54e351c6ae04e6bd0a7ef397135be67ec0bf1a49b425610da9e1f67b91ff91
                                          • Instruction ID: 761a6f4479dd30e73b320a910ed83699147ed802ad771b4488b0d7ff0bdd867d
                                          • Opcode Fuzzy Hash: 0a54e351c6ae04e6bd0a7ef397135be67ec0bf1a49b425610da9e1f67b91ff91
                                          • Instruction Fuzzy Hash: 25C08C32799390B6EB30AB707C0DB832E486B11F12F19044EF241DB2D0DAE6CE90C7A0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $"$$$*$.$[$}
                                          • API String ID: 0-2227069639
                                          • Opcode ID: 9ad0f5feca90a89e17edc64ded557efe09e0cf78f06188ea7ed2ae54154ca4a7
                                          • Instruction ID: 58fe140c19bbb90f8ab9315c01bad9fdf6cedee2197581e89118b94b049166ec
                                          • Opcode Fuzzy Hash: 9ad0f5feca90a89e17edc64ded557efe09e0cf78f06188ea7ed2ae54154ca4a7
                                          • Instruction Fuzzy Hash: A3711470D092298FEB68EF54D8997FDB7B1AF48341F1040BAD00EA7281DBB85984DF25
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .$F
                                          • API String ID: 0-2747643899
                                          • Opcode ID: 069d7c0c038ff8284c7990297a53719dde2eeaa638af51bce62097e21888110f
                                          • Instruction ID: ec4d7e52f8f0c16bcbf6e067b46c64ced9e51befea205cf1fa087d42c1394701
                                          • Opcode Fuzzy Hash: 069d7c0c038ff8284c7990297a53719dde2eeaa638af51bce62097e21888110f
                                          • Instruction Fuzzy Hash: 0D514870D196298FDBA9EB18C8967E9B7B5FB48740F0001EAD10DE3281DB746E818F55
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: d$}
                                          • API String ID: 0-1875072713
                                          • Opcode ID: a11421c1ed6d527a7395b78c8c14613d6a998517462d5e0f1d56376b95bee217
                                          • Instruction ID: b0a6333d0702c84266b6ee86138535e0b89bf8994124eaef90eda0c872179e75
                                          • Opcode Fuzzy Hash: a11421c1ed6d527a7395b78c8c14613d6a998517462d5e0f1d56376b95bee217
                                          • Instruction Fuzzy Hash: 3F110370D08629CFEB68EF04C8917A9B7B1BB54741F0045EAD40EA2281CB74AE90DF55
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: yN_I
                                          • API String ID: 0-2136221807
                                          • Opcode ID: 79ac8250f8775824a547bff7a0de8e41125a9f395660480372c5b5b7031d32cf
                                          • Instruction ID: f817e1d3df7a0831b34df1c7da0e581a329e742769f23f5d8e32c448de0edc9e
                                          • Opcode Fuzzy Hash: 79ac8250f8775824a547bff7a0de8e41125a9f395660480372c5b5b7031d32cf
                                          • Instruction Fuzzy Hash: C0616872D0E65A8FEB54FB28E8162FD7BA0FF55390F04007BC44AD7182DF64A44987A6
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 79d347aa5debdd2c29cd1644b7cbc0620e94c6b9e76402f09398f923e176b7b2
                                          • Instruction ID: e17bd0ba800ed05983afa7f6b0fe568a985d50f949a90d185d65cea24c5e93bd
                                          • Opcode Fuzzy Hash: 79d347aa5debdd2c29cd1644b7cbc0620e94c6b9e76402f09398f923e176b7b2
                                          • Instruction Fuzzy Hash: 3411843090E64E9FEB91FB7494895F97BE0FF59344F0444B6D408C70A6DB749144C761
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5a82546feb7364d31558b46d50eb8715ee3631f36c0856f93ce33c5e564bbb1
                                          • Instruction ID: fd5add8f0a89c0f159ac5199fdb854a5a0ab2a1b6ed950fce4043acb26300d6b
                                          • Opcode Fuzzy Hash: e5a82546feb7364d31558b46d50eb8715ee3631f36c0856f93ce33c5e564bbb1
                                          • Instruction Fuzzy Hash: 7B118E74D0E64D8FEB88EF24C4592BD7BA0FF18341F0108BAD409C6191DFB5A554CB15
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ed0b501a22a01062aeb3aa91599d5a23e8cf3ec39ab4bc2c2f972f24e0da0860
                                          • Instruction ID: 01998e9664ba863865116f1e3af7be05c6a7ce8dc8da6870783328c4c031f120
                                          • Opcode Fuzzy Hash: ed0b501a22a01062aeb3aa91599d5a23e8cf3ec39ab4bc2c2f972f24e0da0860
                                          • Instruction Fuzzy Hash: 3A115E3190EA8E8FEB96FB28845A2B97BF0FF19341F1404BBD419CA092EF759540C756
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea240bd68d10cafa60acbe2e09c0c7d6c8e72d9785f3306796c826d2f415c238
                                          • Instruction ID: d2f6dfbf89dbd6e3a79f2f10c494759dc79f96216a78fb2fa63fd2ae0d99ebe5
                                          • Opcode Fuzzy Hash: ea240bd68d10cafa60acbe2e09c0c7d6c8e72d9785f3306796c826d2f415c238
                                          • Instruction Fuzzy Hash: 9F114830919A0E8FDB88EF68C45E6BA7BE0FF28345F10057AE40AD2194DB74A140CB91
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 31a8f562c9f863773f969b0d262934ea1a3bab64b9510ac190361d38c7ec2190
                                          • Instruction ID: 6c859b6ce9902d32a9dd02149638adcdb13f63891f372046ca50af030be01dfc
                                          • Opcode Fuzzy Hash: 31a8f562c9f863773f969b0d262934ea1a3bab64b9510ac190361d38c7ec2190
                                          • Instruction Fuzzy Hash: F211A030D0E54A9EE741FB3CA84A6BAB7E0FF14340F0415B6D408D6296DFA4A5448766
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ff71495e7b4e6585166849cb5dd553b298cb3ba3546b13fd5f4c044e1a5cb029
                                          • Instruction ID: 56fc58867c33ec2cef331c93ec399e0eec7f3c462668b6785ea02d704cdcada4
                                          • Opcode Fuzzy Hash: ff71495e7b4e6585166849cb5dd553b298cb3ba3546b13fd5f4c044e1a5cb029
                                          • Instruction Fuzzy Hash: 9801883090AA0E8FEB98EF24C05A6BA77E1EF58384F50047AD80EC2182CBB5A550CB55
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0815e760661d4c2f4c5479daab309b09c3c7227ba76df2b4172d8f32b601341e
                                          • Instruction ID: 67264f84eadf93ac2faf8ea31b398721991712c47a07d2769b5f0ed54b089a2d
                                          • Opcode Fuzzy Hash: 0815e760661d4c2f4c5479daab309b09c3c7227ba76df2b4172d8f32b601341e
                                          • Instruction Fuzzy Hash: 8301FD30C0E68E8FE741FB28884E1A97BE0FF19344F4108B6D40DC70A6EBB8E0548726
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e8b6af57bb9911d5c50cc9727fd94945de17a9888092df49f05c5b7d9d99712
                                          • Instruction ID: 77deb2cb57755928a57d0ee184c59e3d69b5f5891ff70a5049b78cd881a7b674
                                          • Opcode Fuzzy Hash: 0e8b6af57bb9911d5c50cc9727fd94945de17a9888092df49f05c5b7d9d99712
                                          • Instruction Fuzzy Hash: C4019E30D1E90E9EF780FB78984A6BAB6E0FF18354F0008B6D40DD2099EF74A590C666
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f504f2eab4859cbc58e3586e8eb8acc0fcbb7a7e8dce1f211a8fa55d1ac15086
                                          • Instruction ID: b052b427849ade999a1ee1ca2bc1fa23af81d57f6e22a47053bdb47a24603b0e
                                          • Opcode Fuzzy Hash: f504f2eab4859cbc58e3586e8eb8acc0fcbb7a7e8dce1f211a8fa55d1ac15086
                                          • Instruction Fuzzy Hash: 5401563091A90E9FEB88FB68C45A2BE77E0FF18345F10087AE41ED2191DF75A590CB59
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1b888aa0cbe75a24aba6a6a190d369012a6d93827c4b724762473eb877fd1cc4
                                          • Instruction ID: 466c526dbfff62a6763d99f8289a6cef71aef4b5072dc5415894b64d3607dc1f
                                          • Opcode Fuzzy Hash: 1b888aa0cbe75a24aba6a6a190d369012a6d93827c4b724762473eb877fd1cc4
                                          • Instruction Fuzzy Hash: 43011A3091990E9FEB84EF64C45D2BA77E0FF18305F10087AD41AD2191DB71A650C755
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8faf826e89388641b25ad73f354d52c1d4599daf18995af6cd2fd1eff8154152
                                          • Instruction ID: d4485a614f06a97917ec09135d65165f7d931cee455189fd1dd203bdbd923012
                                          • Opcode Fuzzy Hash: 8faf826e89388641b25ad73f354d52c1d4599daf18995af6cd2fd1eff8154152
                                          • Instruction Fuzzy Hash: D101F43090E68E8FEB99EF24886A2F93BE0FF55340F5000BAD80CC6182CBB9D450DB51
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a697327e34b515c908bc014ec0ce0fdaa3bc0a451ff0a643be93230336b5259d
                                          • Instruction ID: 6f77fc42c28966b10e69a442beeef26385de4b6a816a1daaa2fdcb7240fc14aa
                                          • Opcode Fuzzy Hash: a697327e34b515c908bc014ec0ce0fdaa3bc0a451ff0a643be93230336b5259d
                                          • Instruction Fuzzy Hash: 3C015A3091A90E9FEB84FF64D4492BE76E1FF18301F00087AE41ED2190EB70A550C721
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 689c251e4e38353a73f1e05852e0c0cfa2e1167631e23f564771909acfff1c83
                                          • Instruction ID: 20b098a22428bfb99fac6f990dcf0ed1b74fe35c0a0cc90393db9e3d6f2b5138
                                          • Opcode Fuzzy Hash: 689c251e4e38353a73f1e05852e0c0cfa2e1167631e23f564771909acfff1c83
                                          • Instruction Fuzzy Hash: B4019A31C0E64E8FF751FB24888A1B97BE0EF19340F0148B6D409C70A2EB68E0849712
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e76975fdf80488d47723c4b840a31d60946d5b5b1310deed67a860803cc65b59
                                          • Instruction ID: 684702d7c9e272bdbab6dd4d45863fcc4c8468b48bbaa5a937ea7c83d5972dfa
                                          • Opcode Fuzzy Hash: e76975fdf80488d47723c4b840a31d60946d5b5b1310deed67a860803cc65b59
                                          • Instruction Fuzzy Hash: CAF0AF71C0E68E8FEB94FF24981A2FE3BA0FF15341F40057AE818C2191EBB4A5548761
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eac22b69fae03b53559debdfc1c196cbed682407b49fda9d69e3db68e72fd055
                                          • Instruction ID: eb4c0d05520ab3347210a3ef350c654ec802a702dbf5215fb8b4449ffabdc739
                                          • Opcode Fuzzy Hash: eac22b69fae03b53559debdfc1c196cbed682407b49fda9d69e3db68e72fd055
                                          • Instruction Fuzzy Hash: AA01A73094E6499FE752FB74884D6A97BE0EF1A340F1509F2D409C70A2DB38F484C726
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ed9825fd63ad08fc4eeba866c6d89a373ffdadac1d4915c89b5e57c18208e24
                                          • Instruction ID: 1e65f9753669d6400df8c27dc0eecfa9d00d83e0225c7b5be312cb661ae1f813
                                          • Opcode Fuzzy Hash: 7ed9825fd63ad08fc4eeba866c6d89a373ffdadac1d4915c89b5e57c18208e24
                                          • Instruction Fuzzy Hash: C601D43080E6894FE752F734845A1A97BE0EF56344F0509F2C40ACB09ADBA8E454C312
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e76a5eb017420becb5cbfff52fe27af06c4faea4aeea6829cc7604e02f089d8
                                          • Instruction ID: 738c1f0bf37c7681d5bbb30c209c3f8924f6d8ee97b60b4c139677a1233a6079
                                          • Opcode Fuzzy Hash: 7e76a5eb017420becb5cbfff52fe27af06c4faea4aeea6829cc7604e02f089d8
                                          • Instruction Fuzzy Hash: 8101463091A90E9EEB59EB24844A2B976E0FF18349F10087EE40BD2191DF76A150C665
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ec09d71bc59f827cba46ba8926fe9e040414c9ed7afe7da454b0b21028593621
                                          • Instruction ID: 74da782ad98891fb2fb89d2fce653ea2d6ae2b0e3bf4aa7a1528da4cfe437f2e
                                          • Opcode Fuzzy Hash: ec09d71bc59f827cba46ba8926fe9e040414c9ed7afe7da454b0b21028593621
                                          • Instruction Fuzzy Hash: D901693091AA0E9EEB48FF64804A2B977A0FF18349F10087EE40FC21D1DF76E550CA65
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c5afe255b5ae63e72b44bb8c6a530bcf8e86b2529de7a031ad14da47039de91
                                          • Instruction ID: 1c0cc8d74a925b06516828ffcd63ef17732e07f8bfc7a84bbf6f6a105ec79a0f
                                          • Opcode Fuzzy Hash: 3c5afe255b5ae63e72b44bb8c6a530bcf8e86b2529de7a031ad14da47039de91
                                          • Instruction Fuzzy Hash: 0F01193091E91E9EEB80FBA8884D6BAB7E4FF18345F0149B6D419D3055EF74A180C765
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 79c167f85b46f2ad2b8d38f4a6f4a1b903dc86b42438e22cba533587c0b3e28a
                                          • Instruction ID: cf9a516922745c3fa97423f8b1108ac1d8541cb70a8f94b3f977c0b6892cd380
                                          • Opcode Fuzzy Hash: 79c167f85b46f2ad2b8d38f4a6f4a1b903dc86b42438e22cba533587c0b3e28a
                                          • Instruction Fuzzy Hash: E30117B1D09A598FEB64EF08C8957A9B3B2FB54341F0041EAD01DE3291CB746E80CF59
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f166e2019d06eec1256cfff013aeb2f9987e9534a4a69b7819589c537e926e6
                                          • Instruction ID: 3e3276c225a08af8ba662d52448e6b86ac9f006510a9dd66947f13afa05a314a
                                          • Opcode Fuzzy Hash: 2f166e2019d06eec1256cfff013aeb2f9987e9534a4a69b7819589c537e926e6
                                          • Instruction Fuzzy Hash: 27F0F42590F3865FE352FB3498961E93BA0DF42291F0944F7C088C6093DA6CA445D366
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b98709a3ab2edf63f2c54a50bdb4c5cb3539244e5831c4c230bc93fee89ca81
                                          • Instruction ID: ae8b85b7aff3416dae6e8e5f3dca224dd8d405d0ab56322fa7f2f33fa7bbd1b3
                                          • Opcode Fuzzy Hash: 6b98709a3ab2edf63f2c54a50bdb4c5cb3539244e5831c4c230bc93fee89ca81
                                          • Instruction Fuzzy Hash: E4F0FF30D0EA4A8EFB98FA68841E3FA73E0FF56360F00017AD809C20C0EFA4505482A2
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bde2bdffe890bb7201ad42d200ba9f7f340ae6c25249b2197c05a2cdecd18179
                                          • Instruction ID: ac40d8e34f1a54ed938897d0fb4d81f17199a7fd1bfd17a768e523a3a6ae7d21
                                          • Opcode Fuzzy Hash: bde2bdffe890bb7201ad42d200ba9f7f340ae6c25249b2197c05a2cdecd18179
                                          • Instruction Fuzzy Hash: 45F08C3091A50E9FEB58FB24D45A2BA76A0FF08348F5008BAE41ED2191DFB5A590CA65
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6889010c7ca23260b66175142456db747fc1c9f82437601da90e16c4e6accf3f
                                          • Instruction ID: dea75f7586a55d0709af76961d4e833437ccc1241d5617a4613629e97f15fe06
                                          • Opcode Fuzzy Hash: 6889010c7ca23260b66175142456db747fc1c9f82437601da90e16c4e6accf3f
                                          • Instruction Fuzzy Hash: 44F0C23090E64E8FEB98FE24841A6FA37E0EF05344F40043AE80DC2182CB79E550DB95
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5dcd9faa81fd52a9318fd5ae2739ac1f9d19bf22faf19fad5be00c85e7a1aa0a
                                          • Instruction ID: aefa19c2c8b4a2cd044cad83e98897a6e04af7e937e4698b0b5deffbc7a302b8
                                          • Opcode Fuzzy Hash: 5dcd9faa81fd52a9318fd5ae2739ac1f9d19bf22faf19fad5be00c85e7a1aa0a
                                          • Instruction Fuzzy Hash: AF01D630C0E68A8FF791FB34581A2F97AE0FF54354F4405BAD408C60DAEFA89564C362
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.2136803849.00007FF848A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7ff848a70000_Componentwebfont.jbxd
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e05752e1a535a33c3d9ce5c028795cd458e2bf5cd459f7fe4ed13e97a5b3bf5c
                                          • Instruction ID: 5a6026b5a137f56fc9d0eae1163b72605a0ba21a28171dd0f8ad66031baf76f0
                                          • Opcode Fuzzy Hash: e05752e1a535a33c3d9ce5c028795cd458e2bf5cd459f7fe4ed13e97a5b3bf5c
                                          • Instruction Fuzzy Hash: 9C213CB0D1E91A9FEB90FB68944A2BD76E0FF58341F0149B6D40DC2091EFB4B9808666
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 41a32539eb9fa136ae6950db7f26349f7623605ec2299b6ff2fbeb37e795beb1
                                          • Instruction ID: 352c52bbb0b144259af604961919f551a467bd3005ea59554ca53379e18e59ff
                                          • Opcode Fuzzy Hash: 41a32539eb9fa136ae6950db7f26349f7623605ec2299b6ff2fbeb37e795beb1
                                          • Instruction Fuzzy Hash: D5218C3090A54E8FEB48FF28C45A5BD7BA0FF18344F5018BAD41AC7191DF75A540CB65
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1b240455ecbb8325f86edcf1e21c4b29a5da4c67a317f76000430183aea514ff
                                          • Instruction ID: 7e901f024ea0eabf08500a9405ef0f6cc90b7ea3aa76e3ac268e93f516bddf32
                                          • Opcode Fuzzy Hash: 1b240455ecbb8325f86edcf1e21c4b29a5da4c67a317f76000430183aea514ff
                                          • Instruction Fuzzy Hash: 0C216A30A0AA0E8FEB59FB28D8595BA77A0FF18351F0019BAE01AC7191DB75E5008B61
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf7aba5f66b8a5a4480d3cc2c51a8d7a54e8d0495706dc7103ca22d2f2948614
                                          • Instruction ID: e427f87a848b5f500aa823378ea71f30da79d20788bb29aef45a7e5a9cb2cb8d
                                          • Opcode Fuzzy Hash: cf7aba5f66b8a5a4480d3cc2c51a8d7a54e8d0495706dc7103ca22d2f2948614
                                          • Instruction Fuzzy Hash: 3421903084E78A8FD743EB7888595A97FF0EF1A311F0504F6D045CB0A2DB799545C722
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 447f6105080c18f69b12aaddcf6f2a9cefa9837a3d5f44dec3ec191fade937a1
                                          • Instruction ID: c4f17d6e4d40198fbc5a178805a57ce3b8ff4b561977c95e9e5ff0fa8f362ec1
                                          • Opcode Fuzzy Hash: 447f6105080c18f69b12aaddcf6f2a9cefa9837a3d5f44dec3ec191fade937a1
                                          • Instruction Fuzzy Hash: B721BBB190E64E8FE748DF68D8293AD7BA0EB85351F5000BEC009C72D6CBF914558B40
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6027ff69f2554fe469613c0833269fd486df5d729dace3b1aacbdbfb59f7a7c
                                          • Instruction ID: 600f34d1be1f5563ed66db1f6978f9d39418c19e5406ff0f678b80fa3a29088f
                                          • Opcode Fuzzy Hash: f6027ff69f2554fe469613c0833269fd486df5d729dace3b1aacbdbfb59f7a7c
                                          • Instruction Fuzzy Hash: 8B21AF3084E7C94FD746EB2488292F57FB0EF16209F0504EBD459C60E3DB695444C726
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 410f5bb6cfb1f1d1f56c2197cfe7a688299f2b8b0b22c05023928e1c88750182
                                          • Instruction ID: 6568ced60697a213de1b51d9c71ebe694c0753478ef971593d2e6c1ce7fb1e5b
                                          • Opcode Fuzzy Hash: 410f5bb6cfb1f1d1f56c2197cfe7a688299f2b8b0b22c05023928e1c88750182
                                          • Instruction Fuzzy Hash: FF118B30D0A94E9FE780FB68984A1BABBE0FF58380F4045B6C418C6092DF74A5448771
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 808bef3502ad1060cdf4924ff21f2d1b43892ec59ccdc88f84f18ea0f8e38ad4
                                          • Instruction ID: 0909736f0fb86cdb1567b5ebacee338da7d6c74227706a19f14afe3f001a58d2
                                          • Opcode Fuzzy Hash: 808bef3502ad1060cdf4924ff21f2d1b43892ec59ccdc88f84f18ea0f8e38ad4
                                          • Instruction Fuzzy Hash: E411BF70D0EA4A8FEB99EB68945E2B97BE0FF69350F4005BAC40AC61D1EFB46440C761
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f2ede3e83a6e9626f57e9bc42f1f910f2b8917c9223df24245683d9552ab18b
                                          • Instruction ID: 8cc93d1012fe87f3be769176dd755e1b7542f20a9e156468f43986b100a8b9e0
                                          • Opcode Fuzzy Hash: 0f2ede3e83a6e9626f57e9bc42f1f910f2b8917c9223df24245683d9552ab18b
                                          • Instruction Fuzzy Hash: 5A11C47080E64E8FEB81FB7884896F97BE0FF59344F0148B6D418C70A2DB74A144C761
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b7eb1a5a17bee55c36048fe9f8aa099c0bc389505b57de7dcc3bc24ab07516fa
                                          • Instruction ID: 9f196478b116c37de148635eac0097d9841d302bf23eb5c56d5a6ff043f6d9a6
                                          • Opcode Fuzzy Hash: b7eb1a5a17bee55c36048fe9f8aa099c0bc389505b57de7dcc3bc24ab07516fa
                                          • Instruction Fuzzy Hash: 4A117C7080E64D8FEB88EF2494592BD7BA0FF18341F1108BAD409C2191DFB5A5548B65
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8611e8d11d1b93a8606abf05d762836544236d9783be5068d18bb3a6797322b
                                          • Instruction ID: 9870bca0b765aeb21cc137cb79f1627bfc59de858885ca4bfda4ff2a27fe072a
                                          • Opcode Fuzzy Hash: f8611e8d11d1b93a8606abf05d762836544236d9783be5068d18bb3a6797322b
                                          • Instruction Fuzzy Hash: 4D118F3080EA8D8FEB86FB24945A2B97BF0FF19340F0405FBD409C6092DBB45544CB66
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b29cc31820b3459cee32cd7bbca0fbf4b2ae688d0aceb5ddc3dfd3d1118ef5bf
                                          • Instruction ID: 84320cb688f8117d24dabac216a7da5f4e773e4990a0fd87aeda04fb6cd93404
                                          • Opcode Fuzzy Hash: b29cc31820b3459cee32cd7bbca0fbf4b2ae688d0aceb5ddc3dfd3d1118ef5bf
                                          • Instruction Fuzzy Hash: 3C117C3080E68D8FEB85EB64989A2BD7BF0FF19341F0004BBD419C7192DB79A544CB25
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e2f509a7b5cf94e37b9906c356999bf25737e68932369f152e1f54de32ce9e22
                                          • Instruction ID: fd0b4237d7ac0bf9793010ee2e6ae83fcfcd5eadccdfc15c1039ac3fb35d26ea
                                          • Opcode Fuzzy Hash: e2f509a7b5cf94e37b9906c356999bf25737e68932369f152e1f54de32ce9e22
                                          • Instruction Fuzzy Hash: 08019A3090AA0E8FEB98FF24D04A6BA77A1FF58344F50447ED40ED2180CFB5A550CBA5
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d7fe3219706fe57d69bb7262a9e980db97c1a9aeb43bd38ae8cd74909022999
                                          • Instruction ID: 303cbae37f7463f7144d206b2dfe6a4434bd312bc370bb112bb48d433056fd65
                                          • Opcode Fuzzy Hash: 2d7fe3219706fe57d69bb7262a9e980db97c1a9aeb43bd38ae8cd74909022999
                                          • Instruction Fuzzy Hash: 3801DF3080E6498FE745FB24884E1B97BE0EF19344F0108B6D408C7096EBB4E454C736
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e4b1afd17446f73598d7f4352ab4eb027f41067869b7ac854c7ef0fabcf91f6
                                          • Instruction ID: 97c5d3c07a5149d17339706e0d97e9a0fafb60ebf1b932903fbcff47cfc6d9ab
                                          • Opcode Fuzzy Hash: 0e4b1afd17446f73598d7f4352ab4eb027f41067869b7ac854c7ef0fabcf91f6
                                          • Instruction Fuzzy Hash: 1C01D63090E68D8FEB99EF24985A3B93BE0FF55340F5000BAD408C6181DBB59450CBA1
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fc66087c4f2dbeda118a715183852d111808b056ebd3e79c228efe463b11e5f3
                                          • Instruction ID: 9db252d8d8055274997a998a6faffe202c60adedd0cee2f2f6eb6b96634be0c5
                                          • Opcode Fuzzy Hash: fc66087c4f2dbeda118a715183852d111808b056ebd3e79c228efe463b11e5f3
                                          • Instruction Fuzzy Hash: D501783091A90E8EEB88FF68C44A2BE77E1FF18344F00087AE41ED2190EF70A590CB11
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 205bdb4fb0fbce82debbe9625cb9a60aa31b3706192ca1bbe6cecfec465fd815
                                          • Instruction ID: d6f420649b13287a49398859e2e9291cd6fd2ebbd09b8e9e532382c36ad8691b
                                          • Opcode Fuzzy Hash: 205bdb4fb0fbce82debbe9625cb9a60aa31b3706192ca1bbe6cecfec465fd815
                                          • Instruction Fuzzy Hash: 4001BC31C0E64D8FEB41FB24988A1B97BE0FF19340F0148B6D408C70A2EB78E084C762
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3acd4b1f71eb1f1e8d650165953ab03f25321260616e1a5002a9177ea6698c2b
                                          • Instruction ID: 3c1c14be1a34c06373bfdb582ac992565d44a7ac16569a37fb5e585b0fb77a11
                                          • Opcode Fuzzy Hash: 3acd4b1f71eb1f1e8d650165953ab03f25321260616e1a5002a9177ea6698c2b
                                          • Instruction Fuzzy Hash: B2F0AF71C0E68E8FEB94FF28881A2FE3BA0FF15384F40097AE818C2191EB74A5548751
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0619bae999448a41a52e55364a428637d60b1fee7352b0a4057e52f131baf827
                                          • Instruction ID: 595bb781d98e506566e658b316018622507a5a7bbcd87bb2315e8761dabd7856
                                          • Opcode Fuzzy Hash: 0619bae999448a41a52e55364a428637d60b1fee7352b0a4057e52f131baf827
                                          • Instruction Fuzzy Hash: 6201A73094E6499FE752FB74984D6B97BE0EF0A344F1509F2D409C7092DB38B484C726
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8c8043150d1466f94b2d58cb9c2935130e57d00e1918fa1e06e4dd545d57a2d
                                          • Instruction ID: 0020510f4274e19fdd13265d53ac63b7d81d4ad0cea69c3c869678e1892f0174
                                          • Opcode Fuzzy Hash: f8c8043150d1466f94b2d58cb9c2935130e57d00e1918fa1e06e4dd545d57a2d
                                          • Instruction Fuzzy Hash: E311D630D0E51A8EEBA4EA10D855BF9B3B1EF54344F5040B9C44E92191DFB82A899B76
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a8c0d72318695bed9fa71437325ea635a67741a0d1eec2c3f515a65990d6f6c
                                          • Instruction ID: 6efbdcca28e011cb9baa1851db46ca06b72d6696f04ee82b759da1be7adeea43
                                          • Opcode Fuzzy Hash: 6a8c0d72318695bed9fa71437325ea635a67741a0d1eec2c3f515a65990d6f6c
                                          • Instruction Fuzzy Hash: FB01F73080E6894FE752F734944A1B97FE0EF15344F0509F3D409C709ADBA8E864C722
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 151220f7f56d2ba5bee18c58f8b5c82c7e6fed6da6a4a7b27ee89091b9ed0f76
                                          • Instruction ID: f2e216e2d2a9fd6599ac97364d15b73768b01d7ad5ba441ec25037f1cf2b85cb
                                          • Opcode Fuzzy Hash: 151220f7f56d2ba5bee18c58f8b5c82c7e6fed6da6a4a7b27ee89091b9ed0f76
                                          • Instruction Fuzzy Hash: 3301693091A90E9EEB59FB24D44A2B976E0FF18349F10087EE40ED21D1DF75A150C665
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8692ecad8a75af34faae162c44db1c2cf9497eff4235c86a0b1bcbc9fb0f1012
                                          • Instruction ID: c5e40f0b7b4ffaf6a0c3fc59d6cfe7241f1966f60192ad2ac68bfcb6e7378af0
                                          • Opcode Fuzzy Hash: 8692ecad8a75af34faae162c44db1c2cf9497eff4235c86a0b1bcbc9fb0f1012
                                          • Instruction Fuzzy Hash: 8801693081A90E9EEB48FF24904A2B977E0FF18349F10087EE80EC21D1DF75A550CA65
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1bcdb9cf3883048362e805d2b74066238532fc5efb033df0284b364cff40c08b
                                          • Instruction ID: 0b2ab23dc1abe0fe8533cf15af1a277070a5c97aa643946bc2c583ecb45e1603
                                          • Opcode Fuzzy Hash: 1bcdb9cf3883048362e805d2b74066238532fc5efb033df0284b364cff40c08b
                                          • Instruction Fuzzy Hash: 2101C5B1D09A59CFDB64EE08D8957A973B2FB54341F0041EAD41DE3291CB746E808F66
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d4f2527f5e297b3247d74de22ab5efa675dba38139f289bad6aad448356947c2
                                          • Instruction ID: 00a3fdd881b46e2b4609b564a60014bdd7336be1bd8c81de555b7b88114d7421
                                          • Opcode Fuzzy Hash: d4f2527f5e297b3247d74de22ab5efa675dba38139f289bad6aad448356947c2
                                          • Instruction Fuzzy Hash: D8F0A42194F3864FD352FB34A9961F97BB0DF42254F0945F7C088C6493EA6C6445C376
                                          Memory Dump Source
                                          • Source File: 00000027.00000002.2240270758.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_39_2_7ff848a80000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dfea7f4e83829758c9bba152c497de0f8a494f76940469c32d7f0bbd9f9eca23
                                          • Instruction ID: 8b89731de1893b5f3d8de5f12402e9bfd003e1ac04c775111a853af67bb5d088
                                          • Opcode Fuzzy Hash: dfea7f4e83829758c9bba152c497de0f8a494f76940469c32d7f0bbd9f9eca23
                                          • Instruction Fuzzy Hash: 1C311C34D1DA1D8EEB94FB6894526BCB7F1FF98380F501039D00DE3682DF6468469B55
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 11c6c5b7e7f7f3b61535d2782639873be3dd5bdd6655836d0bc348aa8dcc42f2
                                          • Instruction ID: 1bc7fd33464258bb0a50aa829038fe6cf12e02354a58544ee8e6334f74d91032
                                          • Opcode Fuzzy Hash: 11c6c5b7e7f7f3b61535d2782639873be3dd5bdd6655836d0bc348aa8dcc42f2
                                          • Instruction Fuzzy Hash: 7F212B34E1DA1D8EEB94FBA884526BCB7F1FF99380F501139D00DE3682DF6468429755
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea685afb67b4eddc912a3a55dd952717ebe0b93400ac1a3ab0c0667b834b3f2e
                                          • Instruction ID: 0d29db8ec4f703b06392e13afee2878b8be0b09985051f67f3770f6b375016ac
                                          • Opcode Fuzzy Hash: ea685afb67b4eddc912a3a55dd952717ebe0b93400ac1a3ab0c0667b834b3f2e
                                          • Instruction Fuzzy Hash: D0213CB0D1EA0A9FEB95FB68844A2FD77E0FF58381F004876D409C2495EFB4B5808665
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d9e94efa99d4131d7ae34302ba0cada3a40372dee2f675ef37af9402bad7c5b
                                          • Instruction ID: c36dc2a250a2b8490d15a805c97315dbaa78c6932f547c63838c84d503b23154
                                          • Opcode Fuzzy Hash: 1d9e94efa99d4131d7ae34302ba0cada3a40372dee2f675ef37af9402bad7c5b
                                          • Instruction Fuzzy Hash: A9215B30A0EA4E8FEB55FF68C84A1BA77A0FF18381F4009BAD41AC7591DB76E540CB51
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3286381daeb0d64da9a6a042fe355c378730502ea9c238d10c14a499c4ebdbcb
                                          • Instruction ID: 8221636c3f6e115b226fd6dbb9f9408c58a853ac986a3423b4fcb0cae10913ee
                                          • Opcode Fuzzy Hash: 3286381daeb0d64da9a6a042fe355c378730502ea9c238d10c14a499c4ebdbcb
                                          • Instruction Fuzzy Hash: AA217530A0A64E8FEB88EF28C45A1BD7BA0FF18380F1008BAD41AC7591DF76A5408B55
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: afc57d33389349cdf6b49721b881b06d42788fe45b36fc989f84f5b89af5bf05
                                          • Instruction ID: 5a0c10a0952ca773db2cd21b45f0ff595c07ca7df833da8d7056e5d643cc1c7f
                                          • Opcode Fuzzy Hash: afc57d33389349cdf6b49721b881b06d42788fe45b36fc989f84f5b89af5bf05
                                          • Instruction Fuzzy Hash: 66218E3084E78A9FE743EB7888595A97FF0EF1A351F0504E7D045CB0A2DB789545C721
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2ad5d72de6362dfb8069bf477bdd94b9a05169355fe635b2d3b71c4b7ed58b96
                                          • Instruction ID: 5bf9c8c93d34eff0b52d95cc2e2a4239ff82a7792a602b99802b23373fb42eef
                                          • Opcode Fuzzy Hash: 2ad5d72de6362dfb8069bf477bdd94b9a05169355fe635b2d3b71c4b7ed58b96
                                          • Instruction Fuzzy Hash: B021BEB190E64A8FE748EF68C8153AD7BB0EB8A354F6000BEC009C32D6CBB914558B40
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ab3d7d6fc3ce63424f8cb0be112d3d201ad043166fad6ec3536c0535e6a5036
                                          • Instruction ID: 889d95d9cc76c4ca2a958f57637ce6ae4cb845f962813a6b343d1cf2ff327c69
                                          • Opcode Fuzzy Hash: 7ab3d7d6fc3ce63424f8cb0be112d3d201ad043166fad6ec3536c0535e6a5036
                                          • Instruction Fuzzy Hash: 7E219D3085E6C94FD746EB2088292F57FB0EF26205F0505EBD449C70E3DB695444C726
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d61b8fa35697f3b470299cb3b86464bd2a08d3725a34b80b64ad7447a4418d2a
                                          • Instruction ID: e15964836b6dc8d89309bdf7dbede8b2109bf886e2fa05abcc1230b9e1197234
                                          • Opcode Fuzzy Hash: d61b8fa35697f3b470299cb3b86464bd2a08d3725a34b80b64ad7447a4418d2a
                                          • Instruction Fuzzy Hash: 54116A70D0EA4E9EE780FB68884A1BD7BE0FF58380F4045B6D409C7592EF78A544C765
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ae3d3fbdd03d6f0f686e8a896c9530a613297509f2ec9f86e09c738a8c99e2ca
                                          • Instruction ID: 1223c59b999800527b87eb2256377793d915159a41deda7d51295cfc20f8d4ff
                                          • Opcode Fuzzy Hash: ae3d3fbdd03d6f0f686e8a896c9530a613297509f2ec9f86e09c738a8c99e2ca
                                          • Instruction Fuzzy Hash: A811E270D0EA4A9FEB49EB68945E2B97BE0FF69390F4000BAC00AC64D1EF649044C711
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5d4db953396dd91940b87654c020413910c146763c4b3fd9edf8831ffd3fce40
                                          • Instruction ID: b5c24d16125f326753f963957ef1dea8a104fb7785e0d5f8ec8c15fb4ad7109f
                                          • Opcode Fuzzy Hash: 5d4db953396dd91940b87654c020413910c146763c4b3fd9edf8831ffd3fce40
                                          • Instruction Fuzzy Hash: 06116D3080EA4E8EEB46FF24845A2F97BB0FF19380F0104BAD419D61A2DB755550C756
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6e8bc91080c7cbd30958d6e109f16b61ed9fd21789fc6253b7bd7b6647a58cb0
                                          • Instruction ID: 5f6baf1d8ea64c1cc77e2f39b439027e58e0623b50b45c81bf6c34a4b17b48be
                                          • Opcode Fuzzy Hash: 6e8bc91080c7cbd30958d6e109f16b61ed9fd21789fc6253b7bd7b6647a58cb0
                                          • Instruction Fuzzy Hash: 2E11A13080E64E8FE782FB7484892F97BE0EF69340F0044B6D418C70A2DB749144C751
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 912b1999f05c77bbd3ed7c3f618648eca908febdf3e3669a59de0cc32639f2a9
                                          • Instruction ID: bd581419c41a50942fc0ab811370cb6aed18bba542e9b7721400c67b80bf0e0f
                                          • Opcode Fuzzy Hash: 912b1999f05c77bbd3ed7c3f618648eca908febdf3e3669a59de0cc32639f2a9
                                          • Instruction Fuzzy Hash: 0A11797090E64D8FEB88EF28885A6BD7BA0FF18381F0108BAD409D2591DFB5A554CB15
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14f2c45a4235144718a0aba2a3a34b514ace7d70b2b9d17ef0657c717ad2acbc
                                          • Instruction ID: c09ed3434896b7a55f900c4e2a28499a95b0eb6a9ba97b00fb040045d5f0ce65
                                          • Opcode Fuzzy Hash: 14f2c45a4235144718a0aba2a3a34b514ace7d70b2b9d17ef0657c717ad2acbc
                                          • Instruction Fuzzy Hash: 90115A3090E68D8FEB85EB24885A2BD7BF0FF59381F0004BAD419C7592DB79A544C715
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6921470748c27c92a078bdf65c15b7c55380792c4f7d544d12f865e9f761f34c
                                          • Instruction ID: 8d0e17546566bb36a6837526e60e0e88da603a7300b24e162d8e47c5a6ec9e18
                                          • Opcode Fuzzy Hash: 6921470748c27c92a078bdf65c15b7c55380792c4f7d544d12f865e9f761f34c
                                          • Instruction Fuzzy Hash: 2201883090AA0EAFEB98EF24D04A6BAB7A1EF58384F50447AD41ED2580CBB5A550CB55
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 224901c23d0add1d5e42447d3508c01b76a4cd7c8dc137afa9b2bf30699be3c5
                                          • Instruction ID: 8ba975c4489b9bee468f7195afd4d9e9df53ef25aa9c82d8f1f7ee3fcfc5b391
                                          • Opcode Fuzzy Hash: 224901c23d0add1d5e42447d3508c01b76a4cd7c8dc137afa9b2bf30699be3c5
                                          • Instruction Fuzzy Hash: 4D01DF30A0E64A8FE751FB24884A1A97BE0EF19384F0148B6D408C7096EBB4E0648722
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef5df77ecc6d2c5c7ba1c65c896d86641742556fed182a601aa7f05123c64bdd
                                          • Instruction ID: c5d3b118ac33f009fd52e9406fcc63df0b44808916203d6b245e573929e9a312
                                          • Opcode Fuzzy Hash: ef5df77ecc6d2c5c7ba1c65c896d86641742556fed182a601aa7f05123c64bdd
                                          • Instruction Fuzzy Hash: 0D01D13090E78E8FEB99EF24D85A2B93BA0FF56380F5000BAD40AC6582CBB99450C751
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9af7e55bd8eca8e91ba379879372f395b35cd2fd1f94073fcf54381d1ec77898
                                          • Instruction ID: 7d0cc7ba3a0ed2eb1dd0582d060bc614dc806d926821ad1dd25c8cf20724dbf5
                                          • Opcode Fuzzy Hash: 9af7e55bd8eca8e91ba379879372f395b35cd2fd1f94073fcf54381d1ec77898
                                          • Instruction Fuzzy Hash: 75017C3091990E8EEB84FF64C4492BE77E1FF28300F00087AD41ED2190EF70A550C711
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c6c82ff4ace7fffd0087862d76e36b1091eedfd718e26d7ac4b3f16b1371ca3
                                          • Instruction ID: 6b47ffcc99b9f67557d342d1adf472383d7467bd4b1880acd9a2f7432d12a5b7
                                          • Opcode Fuzzy Hash: 2c6c82ff4ace7fffd0087862d76e36b1091eedfd718e26d7ac4b3f16b1371ca3
                                          • Instruction Fuzzy Hash: F001B131A0E64D8FE741FB24884A1B97BE0FF19380F0144B6E408C7492DB74E054C711
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e5f9c7189d8c21a0fbdc462732a9aea8cdb3cb1319693149f7c9c093beadba9a
                                          • Instruction ID: 1f61aeb628af9d0e69762690148abff09dd23370fcc9b590c5f122e63ba3d449
                                          • Opcode Fuzzy Hash: e5f9c7189d8c21a0fbdc462732a9aea8cdb3cb1319693149f7c9c093beadba9a
                                          • Instruction Fuzzy Hash: C3F04F71C0E68E8FEB94FF64885A2FE7BA0FF25341F40057AE918C2191EB74A5548751
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd98fd862d2ae9a14b2208143ed515873e8584674c194d480fed9626476d39de
                                          • Instruction ID: 79ebbabb97ed5c007f91cc407b5a66193a78024c8103d97886fe93c376de2531
                                          • Opcode Fuzzy Hash: fd98fd862d2ae9a14b2208143ed515873e8584674c194d480fed9626476d39de
                                          • Instruction Fuzzy Hash: 2001A23094E7499FE752FB74884A6A97BE0EF0A380F1549F2D409C74A2DB38B484C726
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e38301c89ad82767e4227bfba56eb32d65ef3e76b066c433900032eb17695c7
                                          • Instruction ID: 3df1ce68714ccb8e65007ee868c38348c593faf99f91eca05f4954b88a7d450f
                                          • Opcode Fuzzy Hash: 7e38301c89ad82767e4227bfba56eb32d65ef3e76b066c433900032eb17695c7
                                          • Instruction Fuzzy Hash: EE01D430A0E7894FE752F734844A1AD7BE0EF15384F0509F6C409C74AADBA8A464C312
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc26db9b67395e0853dcf564787cca9e02b9345d01f2da68c52aa5d886b1c00d
                                          • Instruction ID: 5dc63222f33476afb8a043db3eb432bb3793fa9ea7c4e9e6cc76647ac51c7722
                                          • Opcode Fuzzy Hash: dc26db9b67395e0853dcf564787cca9e02b9345d01f2da68c52aa5d886b1c00d
                                          • Instruction Fuzzy Hash: 3E016D3091AA0E9EEB48FF2480492B977A0FF1C389F10087EE40EC29D1DF75A560C655
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 067f98be2a3b933776ff48feefdd1e339d3ac5385843e011441bdec53d657d6e
                                          • Instruction ID: dba35d4ab3e904e7ed3a1071cf2bc80a524dea7030dc041576122b615e594659
                                          • Opcode Fuzzy Hash: 067f98be2a3b933776ff48feefdd1e339d3ac5385843e011441bdec53d657d6e
                                          • Instruction Fuzzy Hash: 91016D30A1AA0D9EEB99FB24C44A2B976E0FF18389F10087EE40ED25D1DF75A160C765
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000028.00000002.2241012826.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_40_2_7ff848aa0000_DVoCIYUveQTPKsllMirxd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 7$J$[$^
                                          • API String ID: 0-1280583431