Windows Analysis Report
LisectAVT_2403002A_441.exe

Overview

General Information

Sample name: LisectAVT_2403002A_441.exe
Analysis ID: 1482253
MD5: 192d5d6258df991016c9163d71c9dfa0
SHA1: 2fc676f9fff99ce1404b9a73beaf4d5a9e0ed249
SHA256: 1828da209199d572416e9123480640280b77b9941eed2e95a8b2aff64cbf61d2
Tags: exe
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Found pyInstaller with non standard icon
Potentially malicious time measurement code found
Uses known network protocols on non-standard ports
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • LisectAVT_2403002A_441.exe (PID: 7356 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002A_441.exe" MD5: 192D5D6258DF991016C9163D71C9DFA0)
    • LisectAVT_2403002A_441.exe (PID: 7452 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002A_441.exe" MD5: 192D5D6258DF991016C9163D71C9DFA0)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched
Timestamp: 2024-07-25T20:05:09.638875+0200
SID: 2022930
Source Port: 443
Destination Port: 49716
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 2024-07-25T20:04:31.621308+0200
SID: 2022930
Source Port: 443
Destination Port: 49710
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: LisectAVT_2403002A_441.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 0_2_00007FF638126714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF638126714
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 0_2_00007FF638117820 FindFirstFileExW,FindClose,0_2_00007FF638117820
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 0_2_00007FF6381309B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6381309B4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 2_2_00007FF6381309B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6381309B4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 2_2_00007FF638126714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF638126714
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 2_2_00007FF638117820 FindFirstFileExW,FindClose,2_2_00007FF638117820
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 2_2_00007FFEDCDE322E _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFEDCDE322E

Networking

Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 1007
Source: global traffic TCP traffic: 192.168.2.11:49709 -> 103.215.124.97:1007
Source: unknown TCP traffic detected without corresponding DNS query: 103.215.124.97
Source: global traffic HTTP traffic detected:
    GET /download/1.txt HTTP/1.1
    Host: 103.215.124.97:1007
    User-Agent: python-requests/2.31.0
    Accept-Encoding: gzip, deflate
    Accept: */*
    Connection: keep-alive
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1851626410.000001C1C64B4000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1331365773.000001C1C61BB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1851799733.000001C1C65EC000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1833414077.000001C1C614F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1841690466.000001C1C5E68000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1842257050.000001C1C5E69000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000002.1851799733.000001C1C6628000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1843368063.000001C1C5E86000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1842774973.000001C1C6159000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1839291832.000001C1C614F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1843755338.000001C1C615A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://103.215.124.97:1007/download/1.txt
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1851799733.000001C1C6628000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://103.215.124.97:1007/download/1.txt0
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.co
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357465000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357464000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357464000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: 
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299369881.000001C357462000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299740425.000001C357463000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299479326.000001C357463000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357465000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299873269.000001C357463000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357459000.00000004.00000020.00020000.00000000.sdmp, 
LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357464000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.cotJ
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299369881.000001C357462000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299740425.000001C357463000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299479326.000001C357463000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.tJ
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299369881.000001C357462000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357465000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, 
select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357464000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357464000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: 
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: _hashlib.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357464000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1849709430.000001C1C5D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: LisectAVT_2403002A_441.exe, 00000002.00000003.1329904767.000001C1C5F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: LisectAVT_2403002A_441.exe, 00000002.00000003.1837190650.000001C1C5F5B000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1834206010.000001C1C5F58000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1838115449.000001C1C5F5D000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1844529769.000001C1C5F61000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1845546109.000001C1C5F61000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1833884609.000001C1C5F4D000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1841690466.000001C1C5E68000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1842257050.000001C1C5E69000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000002.1849972954.000001C1C5E72000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1843345150.000001C1C5F5D000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1329904767.000001C1C5F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
Source: LisectAVT_2403002A_441.exe, 00000002.00000003.1841748522.000001C1C59EB000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1840289318.000001C1C5B40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: LisectAVT_2403002A_441.exe, 00000002.00000003.1837190650.000001C1C5F5B000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1834206010.000001C1C5F58000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1841344026.000001C1C5EE1000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1329904767.000001C1C5EDF000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1836279627.000001C1C5EDA000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1834721136.000001C1C5E95000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1842355120.000001C1C5EE2000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1833884609.000001C1C5F4D000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1835261915.000001C1C5ED9000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1329904767.000001C1C5F4D000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1835178086.000001C1C5E9C000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1833884609.000001C1C5E8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: LisectAVT_2403002A_441.exe, 00000002.00000003.1834059037.000001C1C5F65000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1834132801.000001C1C5F68000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1839232179.000001C1C5773000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1330433085.000001C1C5EA4000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1833884609.000001C1C5F4D000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1839172036.000001C1C575E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1840791166.000001C1C5776000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1329904767.000001C1C5F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357464000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299369881.000001C357462000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357465000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357464000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, 
LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299369881.000001C357462000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299740425.000001C357463000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299479326.000001C357463000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357465000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299873269.000001C357463000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357459000.00000004.00000020.00020000.00000000.sdmp, 
LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1309037026.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298453828.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1315225987.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308614441.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299250294.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299045534.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298800863.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1299131630.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1311294976.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298924990.000001C357455000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1308764311.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357459000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1307691724.000001C357464000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1297984651.000001C357453000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: 
http://ocsp.digicert.com0X
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1849709430.000001C1C5D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: LisectAVT_2403002A_441.exe, 00000002.00000003.1328426743.000001C1C5E72000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1330433085.000001C1C5EA4000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1328426743.000001C1C5EC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF6381358202_2_00007FF638135820
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF6381228002_2_00007FF638122800
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF6381267142_2_00007FF638126714
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF63812D0982_2_00007FF63812D098
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF63813509C2_2_00007FF63813509C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF6381180A02_2_00007FF6381180A0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCCC18A02_2_00007FFEDCCC18A0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE72AC2_2_00007FFEDCDE72AC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE638E2_2_00007FFEDCDE638E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF99CD02_2_00007FFEDCF99CD0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE1D832_2_00007FFEDCDE1D83
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE50B02_2_00007FFEDCDE50B0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE736A2_2_00007FFEDCDE736A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE16222_2_00007FFEDCDE1622
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE26712_2_00007FFEDCDE2671
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE29872_2_00007FFEDCDE2987
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE38372_2_00007FFEDCDE3837
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE72572_2_00007FFEDCDE7257
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE3BA72_2_00007FFEDCDE3BA7
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE12992_2_00007FFEDCDE1299
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE3A8A2_2_00007FFEDCDE3A8A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE54CF2_2_00007FFEDCDE54CF
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE15C82_2_00007FFEDCDE15C8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE65642_2_00007FFEDCDE6564
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE54342_2_00007FFEDCDE5434
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE59FC2_2_00007FFEDCDE59FC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4F432_2_00007FFEDCDE4F43
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF81BF02_2_00007FFEDCF81BF0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE53C62_2_00007FFEDCDE53C6
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE21352_2_00007FFEDCDE2135
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE36022_2_00007FFEDCDE3602
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE1CFD2_2_00007FFEDCDE1CFD
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE216C2_2_00007FFEDCDE216C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE428C2_2_00007FFEDCDE428C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE44CB2_2_00007FFEDCDE44CB
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE56142_2_00007FFEDCDE5614
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4ACA2_2_00007FFEDCDE4ACA
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE53AD2_2_00007FFEDCDE53AD
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF994F02_2_00007FFEDCF994F0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF217E02_2_00007FFEDCF217E0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE504C2_2_00007FFEDCDE504C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE5F102_2_00007FFEDCDE5F10
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE54D42_2_00007FFEDCDE54D4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE3A942_2_00007FFEDCDE3A94
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE44082_2_00007FFEDCDE4408
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE710D2_2_00007FFEDCDE710D
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF211B02_2_00007FFEDCF211B0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF0D1D02_2_00007FFEDCF0D1D0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE144C2_2_00007FFEDCDE144C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCE052002_2_00007FFEDCE05200
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE12172_2_00007FFEDCDE1217
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE5BF52_2_00007FFEDCDE5BF5
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE318E2_2_00007FFEDCDE318E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE10AA2_2_00007FFEDCDE10AA
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE65A02_2_00007FFEDCDE65A0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE68CA2_2_00007FFEDCDE68CA
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDFD2602_2_00007FFEDCDFD260
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE55152_2_00007FFEDCDE5515
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE11402_2_00007FFEDCDE1140
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE2FD12_2_00007FFEDCDE2FD1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE11CC2_2_00007FFEDCDE11CC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF94CF02_2_00007FFEDCF94CF0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE26EE2_2_00007FFEDCDE26EE
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE6D5C2_2_00007FFEDCDE6D5C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE1F962_2_00007FFEDCDE1F96
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE22FC2_2_00007FFEDCDE22FC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE6EBF2_2_00007FFEDCDE6EBF
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE36342_2_00007FFEDCDE3634
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE2D792_2_00007FFEDCDE2D79
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE27612_2_00007FFEDCDE2761
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4A592_2_00007FFEDCDE4A59
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4C192_2_00007FFEDCDE4C19
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE59342_2_00007FFEDCDE5934
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE22AC2_2_00007FFEDCDE22AC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE69E72_2_00007FFEDCDE69E7
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF985C02_2_00007FFEDCF985C0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDFC4802_2_00007FFEDCDFC480
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCE904402_2_00007FFEDCE90440
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE14242_2_00007FFEDCDE1424
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDFC6202_2_00007FFEDCDFC620
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE25F42_2_00007FFEDCDE25F4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF0C8302_2_00007FFEDCF0C830
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE177B2_2_00007FFEDCDE177B
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4B5B2_2_00007FFEDCDE4B5B
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE6C212_2_00007FFEDCDE6C21
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE5B782_2_00007FFEDCDE5B78
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE276B2_2_00007FFEDCDE276B
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE41062_2_00007FFEDCDE4106
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF100702_2_00007FFEDCF10070
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE32EC2_2_00007FFEDCDE32EC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF203402_2_00007FFEDCF20340
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE2E912_2_00007FFEDCDE2E91
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE2C7A2_2_00007FFEDCDE2C7A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4C3C2_2_00007FFEDCDE4C3C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF83C902_2_00007FFEDCF83C90
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF97CF02_2_00007FFEDCF97CF0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDFBD602_2_00007FFEDCDFBD60
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF17D102_2_00007FFEDCF17D10
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDFBF202_2_00007FFEDCDFBF20
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE30C62_2_00007FFEDCDE30C6
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE22892_2_00007FFEDCDE2289
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE6F282_2_00007FFEDCDE6F28
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE22E82_2_00007FFEDCDE22E8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE416A2_2_00007FFEDCDE416A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE60A02_2_00007FFEDCDE60A0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE21B72_2_00007FFEDCDE21B7
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE704A2_2_00007FFEDCDE704A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE3FDF2_2_00007FFEDCDE3FDF
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE655F2_2_00007FFEDCDE655F
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE6A872_2_00007FFEDCDE6A87
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDD01FA702_2_00007FFEDD01FA70
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF175402_2_00007FFEDCF17540
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE5D8A2_2_00007FFEDCDE5D8A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE3B982_2_00007FFEDCDE3B98
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE6CBC2_2_00007FFEDCDE6CBC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE516E2_2_00007FFEDCDE516E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCE0B5502_2_00007FFEDCE0B550
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCE4F7002_2_00007FFEDCE4F700
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE1EA12_2_00007FFEDCDE1EA1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE213F2_2_00007FFEDCDE213F
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE46382_2_00007FFEDCDE4638
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDFF0602_2_00007FFEDCDFF060
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE72C52_2_00007FFEDCDE72C5
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDFF2002_2_00007FFEDCDFF200
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCE0B1C02_2_00007FFEDCE0B1C0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE6EF12_2_00007FFEDCDE6EF1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE114F2_2_00007FFEDCDE114F
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE29D22_2_00007FFEDCDE29D2
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF1B2402_2_00007FFEDCF1B240
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF82D502_2_00007FFEDCF82D50
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCEC2C902_2_00007FFEDCEC2C90
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDFEF002_2_00007FFEDCDFEF00
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE5B142_2_00007FFEDCDE5B14
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4E532_2_00007FFEDCDE4E53
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE5E252_2_00007FFEDCDE5E25
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF128A02_2_00007FFEDCF128A0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE5A652_2_00007FFEDCDE5A65
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE1CC12_2_00007FFEDCDE1CC1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE5DA32_2_00007FFEDCDE5DA3
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCF6E9202_2_00007FFEDCF6E920
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE23F12_2_00007FFEDCDE23F1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4D092_2_00007FFEDCDE4D09
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE1B222_2_00007FFEDCDE1B22
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE60DC2_2_00007FFEDCDE60DC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE36982_2_00007FFEDCDE3698
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FFEDCDE2A09 appears 172 times
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FFEDCDE2739 appears 468 times
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FFEDCDE4D6D appears 32 times
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FFEDCDE405C appears 704 times
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FFEDCDE3012 appears 55 times
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FFEDCDE1EF1 appears 1458 times
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FFEDCDE698D appears 43 times
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FFEDCDE4840 appears 118 times
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FFEDCDE24B9 appears 80 times
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: String function: 00007FF638112770 appears 82 times
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1298625750.000001C357454000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000000.00000003.1316051665.000001C357459000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exeBinary or memory string: OriginalFilename vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1855354860.00007FFEDD3E5000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1861158131.00007FFEE6F3B000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1861343996.00007FFEE7107000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1860900392.00007FFEE44E2000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1860411034.00007FFEDE0B7000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1855907677.00007FFEDD455000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1860713005.00007FFEDE1BC000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1853652559.00007FFEDCDD5000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1846549026.000001C1C3880000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1854576178.00007FFEDD128000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1861716126.00007FFEEDA76000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1861911872.00007FFEEDC56000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1855520577.00007FFEDD402000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1855690998.00007FFEDD41E000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs LisectAVT_2403002A_441.exe
Source: LisectAVT_2403002A_441.exe, 00000002.00000002.1854894741.00007FFEDD1EB000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamelibsslH vs LisectAVT_2403002A_441.exe
Source: classification engine Classification label: mal56.troj.evad.winEXE@3/70@0/1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 0_2_00007FF6381174B0 GetLastError,FormatMessageW,WideCharToMultiByte, 0_2_00007FF6381174B0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73562
Source: LisectAVT_2403002A_441.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe File read: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
Source: unknown Process created: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe "C:\Users\user\Desktop\LisectAVT_2403002A_441.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Process created: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe "C:\Users\user\Desktop\LisectAVT_2403002A_441.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Process created: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe "C:\Users\user\Desktop\LisectAVT_2403002A_441.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Section loaded: kernel.appcore.dll
Source: LisectAVT_2403002A_441.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: LisectAVT_2403002A_441.exe Static file information: File size 11819953 > 1048576
Source: LisectAVT_2403002A_441.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: LisectAVT_2403002A_441.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: LisectAVT_2403002A_441.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: LisectAVT_2403002A_441.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: LisectAVT_2403002A_441.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: LisectAVT_2403002A_441.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: LisectAVT_2403002A_441.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: LisectAVT_2403002A_441.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: LisectAVT_2403002A_441.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: LisectAVT_2403002A_441.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: LisectAVT_2403002A_441.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: LisectAVT_2403002A_441.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: LisectAVT_2403002A_441.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: 0x68BF20FC [Mon Sep 8 18:31:24 2025 UTC]
Source: LisectAVT_2403002A_441.exeStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: python311.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF6381610E4 push rcx; retn 0000h0_2_00007FF6381610ED
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF6381610CC push rbp; retn 0000h0_2_00007FF6381610CD
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF6381610E4 push rcx; retn 0000h2_2_00007FF6381610ED
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF6381610CC push rbp; retn 0000h2_2_00007FF6381610CD

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeProcess created: "C:\Users\user\Desktop\LisectAVT_2403002A_441.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_cffi_backend.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\bcrypt\_bcrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\ucrtbase.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\select.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 1007
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF638113DF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF638113DF0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4246 rdtsc 2_2_00007FFEDCDE4246
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_cffi_backend.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\bcrypt\_bcrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\select.pydJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-16162
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeAPI coverage: 3.8 %
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF638126714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF638126714
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF638117820 FindFirstFileExW,FindClose,0_2_00007FF638117820
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF6381309B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6381309B4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF6381309B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6381309B4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF638126714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF638126714
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF638117820 FindFirstFileExW,FindClose,2_2_00007FF638117820
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE322E _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFEDCDE322E
Source: LisectAVT_2403002A_441.exe, 00000002.00000003.1842566595.000001C1C5E58000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1842748170.000001C1C5E5D000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1328490145.000001C1C5B1B000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000002.1849972954.000001C1C5E5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE42462_2_00007FFEDCDE4246
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE57312_2_00007FFEDCDE5731
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCDE4246 rdtsc 2_2_00007FFEDCDE4246
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF638129AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF638129AE4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF6381325A0 GetProcessHeap,0_2_00007FF6381325A0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF63811AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF63811AE00
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF63811B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF63811B69C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF63811B880 SetUnhandledExceptionFilter,0_2_00007FF63811B880
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF638129AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF638129AE4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF63811AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF63811AE00
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF63811B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF63811B69C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FF63811B880 SetUnhandledExceptionFilter,2_2_00007FF63811B880
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCCC3058 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFEDCCC3058
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 2_2_00007FFEDCCC2A90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFEDCCC2A90
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeProcess created: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe "C:\Users\user\Desktop\LisectAVT_2403002A_441.exe"Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeCode function: 0_2_00007FF6381389B0 cpuid 0_2_00007FF6381389B0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\cryptography-41.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\ucrtbase.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\cryptography\hazmat\bindings VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_cffi_backend.cp311-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md.cp311-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md__mypyc.cp311-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 0_2_00007FF63811B580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF63811B580
Source: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe Code function: 0_2_00007FF638134E20 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF638134E20
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | 1 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
No Antivirus matches
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://103.215.124.97:1007/download/1.txt | false | Avira URL Cloud: safe | unknown
NameSourceMaliciousAntivirus DetectionReputation
http://google.com/LisectAVT_2403002A_441.exe, 00000002.00000003.1329904767.000001C1C5F4D000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://mahler:8092/site-updates.pyLisectAVT_2403002A_441.exe, 00000002.00000003.1835996771.000001C1C5FAE000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1836716521.000001C1C5FB7000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1331908630.000001C1C5FAB000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1832546627.000001C1C5FAE000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/pyca/cryptography/issues/8996LisectAVT_2403002A_441.exe, 00000002.00000002.1856636666.00007FFEDD96D000.00000002.00000001.01000000.0000000A.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://.../back.jpegLisectAVT_2403002A_441.exe, 00000002.00000002.1851626410.000001C1C64B4000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1331365773.000001C1C61BB000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://cloud.google.com/appengine/docs/standard/runtimesLisectAVT_2403002A_441.exe, 00000002.00000002.1849709430.000001C1C5D50000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/pyca/cryptographyLisectAVT_2403002A_441.exe, 00000000.00000003.1317948816.000001C35745C000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
    unknown
    https://www.python.org/download/releases/2.3/mro/.LisectAVT_2403002A_441.exe, 00000002.00000003.1320395903.000001C1C5796000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1320395903.000001C1C57A9000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000002.1847446889.000001C1C5210000.00000004.00001000.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1321625540.000001C1C57B3000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1320655713.000001C1C57B3000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drfalse
    • URL Reputation: safe
    unknown
    https://cryptography.io/METADATA.0.drfalse
    • Avira URL Cloud: safe
    unknown
    https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyLisectAVT_2403002A_441.exe, 00000002.00000002.1849611137.000001C1C5C50000.00000004.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://httpbin.org/postLisectAVT_2403002A_441.exe, 00000002.00000003.1328490145.000001C1C5A52000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1840689235.000001C1C5A82000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1834245321.000001C1C5A7E000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000002.1849173199.000001C1C5A89000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1330505447.000001C1C5A52000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1326667348.000001C1C5A52000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://github.com/pyca/cryptography/LisectAVT_2403002A_441.exe, 00000000.00000003.1317948816.000001C35745C000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
      unknown
      https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyfLisectAVT_2403002A_441.exe, 00000002.00000002.1849611137.000001C1C5C50000.00000004.00001000.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/Ousret/charset_normalizerLisectAVT_2403002A_441.exe, 00000002.00000003.1331541403.000001C1C614F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1840844032.000001C1C614F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1837462930.000001C1C614F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1833414077.000001C1C614F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1842774973.000001C1C6159000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1839291832.000001C1C614F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1843755338.000001C1C615A000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/urllib3/urllib3/issues/497LisectAVT_2403002A_441.exe, 00000002.00000002.1849709430.000001C1C5D50000.00000004.00001000.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#LisectAVT_2403002A_441.exe, 00000002.00000002.1847420620.000001C1C399B000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1323066725.000001C1C398F000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1324055234.000001C1C57D6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1839971887.000001C1C3958000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1324930039.000001C1C57D6000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000002.1848073341.000001C1C57DA000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1845429397.000001C1C3999000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1322679154.000001C1C3991000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1325224793.000001C1C57C3000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1838707202.000001C1C57D4000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1839790017.000001C1C3946000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1839917485.000001C1C57D4000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1322784967.000001C1C3991000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1323443608.000001C1C3985000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1841119345.000001C1C57D7000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1322157951.000001C1C3991000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 
00000002.00000003.1840010394.000001C1C3998000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/pyca/cryptography/actions?query=workflow%3ACILisectAVT_2403002A_441.exe, 00000000.00000003.1317948816.000001C35745C000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://tools.ietf.org/html/rfc2388#section-4.4LisectAVT_2403002A_441.exe, 00000002.00000003.1839859425.000001C1C59AA000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1841492578.000001C1C59B0000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1839831498.000001C1C59A4000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_441.exe, 00000002.00000003.1842631146.000001C1C59CA000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://www.apache.org/licenses/LICENSE-2.0 | Source: LisectAVT_2403002A_441.exe, LICENSE.APACHE.0.dr | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64 | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://yahoo.com/ | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • URL Reputation: safe
      unknown
      http://cacerts.digicert.co | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://w3c.github.io/html/sec-forms.html#multipart-form-data | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://requests.readthedocs.ioP | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://cryptography.io/en/latest/changelog/ | Source: LisectAVT_2403002A_441.exe, METADATA.0.dr | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://www.iana.org/time-zones/repository/tz-link.html | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://mail.python.org/mailman/listinfo/cryptography-dev | Source: LisectAVT_2403002A_441.exe, METADATA.0.dr | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://cacerts.digicert.cotJ | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://requests.readthedocs.io | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://peps.python.org/pep-0205/ | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://curl.haxx.se/rfc/cookie_spec.html | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • URL Reputation: safe
      unknown
      https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://httpbin.org/get | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://httpbin.org/ | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://www.python.org | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings0c | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://www.python.org/ | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://json.org | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://httpbin.org/ | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://www.apache.org/licenses/ | Source: LisectAVT_2403002A_441.exe, LICENSE.APACHE.0.dr | Malicious: false
      • URL Reputation: safe
      unknown
      https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main | Source: LisectAVT_2403002A_441.exe, METADATA.0.dr | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://www.cl.cam.ac.uk/~mgk25/iso-time.html | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://twitter.com/ | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • URL Reputation: safe
      unknown
      http://103.215.124.97:1007/download/1.txt0 | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535 | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://cryptography.io/en/latest/installation/ | Source: LisectAVT_2403002A_441.exe, METADATA.0.dr | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://www.python.org/psf/license/ | Source: LisectAVT_2403002A_441.exe, python311.dll.0.dr | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://bugs.python.org/issue42195. | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      https://img.shields.io/pypi/v/cryptography.svg | Source: LisectAVT_2403002A_441.exe, METADATA.0.dr | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://google.com/mail/ | Source: LisectAVT_2403002A_441.exe | Malicious: false
      • Avira URL Cloud: safe
      unknown
      http://wwwsearch.sf.net/): | Source: LisectAVT_2403002A_441.exe | Malicious: false
        unknown
        http://tools.ietf.org/html/rfc6125#section-6.4.3 | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://cryptography.io/en/latest/security/ | Source: LisectAVT_2403002A_441.exe, METADATA.0.dr | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://cffi.readthedocs.io/en/latest/using.html#callbacks | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://www.openssl.org/H | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • URL Reputation: safe
        unknown
        http://cacerts.tJ | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://docs.python.org/3/library/socket.html#socket.socket.connect_ex | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • Avira URL Cloud: safe
        unknown
        http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://cryptography.io | Source: LisectAVT_2403002A_441.exe, METADATA.0.dr | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://github.com/pyca/cryptography/issues | Source: METADATA.0.dr | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://readthedocs.org/projects/cryptography/badge/?version=latest | Source: LisectAVT_2403002A_441.exe, METADATA.0.dr | Malicious: false
        • Avira URL Cloud: safe
        unknown
        http://google.com/mail | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://peps.python.org/pep-0263/ | Source: LisectAVT_2403002A_441.exe, python311.dll.0.dr | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://pypi.org/project/cryptography/ | Source: LisectAVT_2403002A_441.exe, METADATA.0.dr | Malicious: false
        • Avira URL Cloud: safe
        unknown
        https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900. | Source: LisectAVT_2403002A_441.exe | Malicious: false
        • Avira URL Cloud: safe
        unknown
        IP: 103.215.124.97
        Domain: unknown
        Country: Hong Kong
        ASN: 135369
        ASN Name: EBDC-AS-APENTERPRISEBUSINESSDATECENTREHKLIMITEDH
        Malicious: false
        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1482253
        Start date and time:2024-07-25 20:03:17 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 8m 9s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:8
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:LisectAVT_2403002A_441.exe
        Detection:MAL
        Classification:mal56.troj.evad.winEXE@3/70@0/1
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 96%
        • Number of executed functions: 67
        • Number of non-executed functions: 188
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes were analyzed, report is missing behavior information
        • VT rate limit hit for: LisectAVT_2403002A_441.exe
        No simulations
        No context
        No context
        Match: EBDC-AS-APENTERPRISEBUSINESSDATECENTREHKLIMITEDH
        Associated Sample Name / URL | Detection | Threat Name | Context
        b3lcTjArym.elf | malicious | Mirai | 103.215.127.182
        Saudi_Aramco__TenderRFQ.exe | malicious | FormBook | 103.215.127.231
        z67dhlreceipt.scr.exe | malicious | FormBook | 103.215.127.231
        REVISED_SOA_USD44,000.exe | malicious | FormBook | 103.215.127.231
        SecuriteInfo.com.Win32.PWSX-gen.8428.27403.exe | malicious | FormBook | 103.215.127.231
        OD.exe | malicious | FormBook | 103.215.127.231
        PO_08048XT.exe | malicious | FormBook | 103.215.127.231
        ukkjkGGidR.elf | malicious | Unknown | 103.215.127.170
        dd.exe | malicious | Unknown | 157.119.20.7
        miori.x86 | malicious | Mirai | 103.215.127.197
        No context
        Match: C:\Users\user\AppData\Local\Temp\_MEI73562\_bz2.pyd
        Associated Sample Name / URL | Detection | Threat Name
        SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe | malicious | Unknown
        mav17final.exe | malicious | Xmrig
        file.exe | malicious | Unknown
        access_version_x32-64_pack.exe | malicious | Unknown
        https://c51k11nyj56k.pettisville.sbs/lander/FileRotator_ID428/download.php | malicious | Unknown
        Wave32bit.exe | malicious | Unknown
        Wave32bit.exe | malicious | Unknown
        DeltaX.exe | malicious | Xmrig
        Arceus.exe | malicious | Xmrig
        DeltaX.exe | malicious | Xmrig
        Match: C:\Users\user\AppData\Local\Temp\_MEI73562\VCRUNTIME140.dll
        Associated Sample Name / URL | Detection | Threat Name
        Lisect_AVT_24003_G1B_83.exe | malicious | Unknown
        QiYc6RUCv8.exe | malicious | Unknown
        explorer.exe | malicious | Nemty
        SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe | malicious | Unknown
        1dAlsYrmjy.exe | malicious | Mint Stealer
        1dAlsYrmjy.exe | malicious | Mint Stealer
        SecuriteInfo.com.Python.Muldrop.18.23042.15901.exe | malicious | Blank Grabber
        mav17final.exe | malicious | Xmrig
        file.exe | malicious | Unknown
        SecuriteInfo.com.Win64.SpywareX-gen.27721.19030.exe | malicious | Python Stealer, Discord Token Stealer
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):109392
                                                Entropy (8bit):6.641929675972235
                                                Encrypted:false
                                                SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                Malicious:false
                                                Joe Sandbox View:
                                                • Filename: Lisect_AVT_24003_G1B_83.exe, Detection: malicious, Browse
                                                • Filename: QiYc6RUCv8.exe, Detection: malicious, Browse
                                                • Filename: explorer.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, Detection: malicious, Browse
                                                • Filename: 1dAlsYrmjy.exe, Detection: malicious, Browse
                                                • Filename: 1dAlsYrmjy.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.Python.Muldrop.18.23042.15901.exe, Detection: malicious, Browse
                                                • Filename: mav17final.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.Win64.SpywareX-gen.27721.19030.exe, Detection: malicious, Browse
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):84760
                                                Entropy (8bit):6.570831353064175
                                                Encrypted:false
                                                SSDEEP:1536:PdQz7pZ3catNZTRGE51LOBK5bib8tsfYqpIPCV17SyQPx:VQz9Z5VOwiItsAqpIPCV1Gx
                                                MD5:3859239CED9A45399B967EBCE5A6BA23
                                                SHA1:6F8FF3DF90AC833C1EB69208DB462CDA8CA3F8D6
                                                SHA-256:A4DD883257A7ACE84F96BCC6CD59E22D843D0DB080606DEFAE32923FC712C75A
                                                SHA-512:030E5CE81E36BD55F69D55CBB8385820EB7C1F95342C1A32058F49ABEABB485B1C4A30877C07A56C9D909228E45A4196872E14DED4F87ADAA8B6AD97463E5C69
                                                Malicious:false
                                                Joe Sandbox View:
                                                • Filename: SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe, Detection: malicious, Browse
                                                • Filename: mav17final.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: access_version_x32-64_pack.exe, Detection: malicious, Browse
                                                • Filename: , Detection: malicious, Browse
                                                • Filename: Wave32bit.exe, Detection: malicious, Browse
                                                • Filename: Wave32bit.exe, Detection: malicious, Browse
                                                • Filename: DeltaX.exe, Detection: malicious, Browse
                                                • Filename: Arceus.exe, Detection: malicious, Browse
                                                • Filename: DeltaX.exe, Detection: malicious, Browse
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):181760
                                                Entropy (8bit):6.176962076839488
                                                Encrypted:false
                                                SSDEEP:3072:jm3K87nKna75PQrBjfFKYG50nzkL+CrXfU+PS7KiSTLkKKYYg4UO:jmb7Ma7KdFKEnOrXf7biSTLLIXUO
                                                MD5:FDE9A1D6590026A13E81712CD2F23522
                                                SHA1:CA99A48CAEA0DBACCF4485AFD959581F014277ED
                                                SHA-256:16ECCC4BAF6CF4AB72ACD53C72A1F2B04D952E07E385E9050A933E78074A7D5B
                                                SHA-512:A522661F5C3EEEA89A39DF8BBB4D23E6428C337AAC1D231D32B39005EA8810FCE26AF18454586E0E94E51EA4AC0E034C88652C1C09B1ED588AEAC461766981F4
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):123664
                                                Entropy (8bit):6.058417150946148
                                                Encrypted:false
                                                SSDEEP:3072:c7u5LnIx1If3yJdqfLI2AYX5BO89IPLPPUxdF:cwxfijqfLI29BO8VF
                                                MD5:BD36F7D64660D120C6FB98C8F536D369
                                                SHA1:6829C9CE6091CB2B085EB3D5469337AC4782F927
                                                SHA-256:EE543453AC1A2B9B52E80DC66207D3767012CA24CE2B44206804767F37443902
                                                SHA-512:BD15F6D4492DDBC89FCBADBA07FC10AA6698B13030DD301340B5F1B02B74191FAF9B3DCF66B72ECF96084656084B531034EA5CADC1DD333EF64AFB69A1D1FD56
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):253200
                                                Entropy (8bit):6.559097478184273
                                                Encrypted:false
                                                SSDEEP:6144:7t9gXW32tb0yf6CgLp+E4YECs5wxvj9qWM53pLW1Apw9tBg2YAp:7ngXW3wgyCiE4texvGI4Ap
                                                MD5:65B4AB77D6C6231C145D3E20E7073F51
                                                SHA1:23D5CE68ED6AA8EAABE3366D2DD04E89D248328E
                                                SHA-256:93EB9D1859EDCA1C29594491863BF3D72AF70B9A4240E0D9DD171F668F4F8614
                                                SHA-512:28023446E5AC90E9E618673C879CA46F598A62FBB9E69EF925DB334AD9CB1544916CAF81E2ECDC26B75964DCEDBA4AD4DE1BA2C42FB838D0DF504D963FCF17EE
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):65304
                                                Entropy (8bit):6.222786912280051
                                                Encrypted:false
                                                SSDEEP:1536:6TO+CPN/pV8ETeERZX/fchw/IpBIPOIVQ7SygPx:mClZZow/IpBIPOIVQyx
                                                MD5:4255C44DC64F11F32C961BF275AAB3A2
                                                SHA1:C1631B2821A7E8A1783ECFE9A14DB453BE54C30A
                                                SHA-256:E557873D5AD59FD6BD29D0F801AD0651DBB8D9AC21545DEFE508089E92A15E29
                                                SHA-512:7D3A306755A123B246F31994CD812E7922943CDBBC9DB5A6E4D3372EA434A635FFD3945B5D2046DE669E7983EF2845BD007A441D09CFE05CF346523C12BDAD52
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):158992
                                                Entropy (8bit):6.8491146526380025
                                                Encrypted:false
                                                SSDEEP:3072:A4lirS97HrdVmEkGCm5hAznf49mNo2NOvJ02pIPZ1wBExN:VlirG0EkTVAYO2NQ3w
                                                MD5:E5ABC3A72996F8FDE0BCF709E6577D9D
                                                SHA1:15770BDCD06E171F0B868C803B8CF33A8581EDD3
                                                SHA-256:1796038480754A680F33A4E37C8B5673CC86C49281A287DC0C5CAE984D0CB4BB
                                                SHA-512:B347474DC071F2857E1E16965B43DB6518E35915B8168BDEFF1EAD4DFF710A1CC9F04CA0CED23A6DE40D717EEA375EEDB0BF3714DAF35DE6A77F071DB33DFAE6
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):32528
                                                Entropy (8bit):6.448063770045404
                                                Encrypted:false
                                                SSDEEP:384:AuCvO+MZFryl9SDCP6rXv+mkWsniRq9IPQUkHQIYiSy1pCQqIPxh8E9VF0NykOBw:1+yF+6rX2mk599IPQUO5YiSyv3PxWEun
                                                MD5:F00133F7758627A15F2D98C034CF1657
                                                SHA1:2F5F54EDA4634052F5BE24C560154AF6647EEE05
                                                SHA-256:35609869EDC57D806925EC52CCA9BC5A035E30D5F40549647D4DA6D7983F8659
                                                SHA-512:1C77DD811D2184BEEDF3C553C3F4DA2144B75C6518543F98C630C59CD597FCBF6FD22CFBB0A7B9EA2FDB7983FF69D0D99E8201F4E84A0629BC5733AA09FFC201
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):79640
                                                Entropy (8bit):6.290841920161528
                                                Encrypted:false
                                                SSDEEP:1536:0JltpedXL+3ujz9/s+S+pzpMoiyivViaE9IPLwj7SyZPx:07tp4i3ujz9/sT+pzqoavVpE9IPLwjHx
                                                MD5:1EEA9568D6FDEF29B9963783827F5867
                                                SHA1:A17760365094966220661AD87E57EFE09CD85B84
                                                SHA-256:74181072392A3727049EA3681FE9E59516373809CED53E08F6DA7C496B76E117
                                                SHA-512:D9443B70FCDC4D0EA1CB93A88325012D3F99DB88C36393A7DED6D04F590E582F7F1640D8B153FE3C5342FA93802A8374F03F6CD37DD40CDBB5ADE2E07FAD1E09
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):161040
                                                Entropy (8bit):6.029728458381984
                                                Encrypted:false
                                                SSDEEP:3072:LMaGbIQQbN9W3PiNGeA66l8rBk3xA87xfCA+nbUtFMsVjTNbEzc+pIPC7ODxd:LMaG0bN96oG1l8YA8ZMSR+E
                                                MD5:208B0108172E59542260934A2E7CFA85
                                                SHA1:1D7FFB1B1754B97448EB41E686C0C79194D2AB3A
                                                SHA-256:5160500474EC95D4F3AF7E467CC70CB37BEC1D12545F0299AAB6D69CEA106C69
                                                SHA-512:41ABF6DEAB0F6C048967CA6060C337067F9F8125529925971BE86681EC0D3592C72B9CC85DD8BDEE5DD3E4E69E3BB629710D2D641078D5618B4F55B8A60CC69D
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21984
                                                Entropy (8bit):4.716288112308081
                                                Encrypted:false
                                                SSDEEP:192:CFOhoWyhWoWGxVA6VWQ4OW4EpDYwuvyGI+X01k9z3ARfQvoSOJ:CFJWyhWwxdwmwaNrR9z2fAoS
                                                MD5:A148DC22EA14CD5578DE22B2DFB0917F
                                                SHA1:EACCB66F62E5B6D7154798E596EABD3CEF00B982
                                                SHA-256:7603E172853A9711FBDC53B080432AD12984B463768DBC3AA842A26F5B26AE23
                                                SHA-512:4E3C927692FC41889B596273AEA8BBD776CF7644DAE26C411C12BDA23CD3299A5C9ADC06A930294310F002DE74592A244767378FC9E37EC76E86BFA23F4C0478
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.5802030482412155
                                                Encrypted:false
                                                SSDEEP:192:2WyhWmWGxVA6VWQ42W91CH+BEg7X01k9z3A7V3FumS:2WyhWSxdulR9zQNFVS
                                                MD5:3095C9577395249E105410BDCC585F77
                                                SHA1:7DFC0C81F8F28CBF36C5ACDB83523569B430B944
                                                SHA-256:C08BE448195F46C4B423D0CE0C2CDC343E842FF1F91B16A8D3C09D5152150917
                                                SHA-512:555568FC23ADE238BCC13A447520D395546DEF4409A002D795DD3ABEA03B15321491BC63C97F4ED8EB78AA411A0B1267DCE5C528E51DCAC8CA9E93B8F5265786
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22016
                                                Entropy (8bit):4.57907592265513
                                                Encrypted:false
                                                SSDEEP:192:lWyhW/WvkJ0f5AbVWQ4+WeGTCYKKWDKHjj3SX01k9z3A8G3Uqc1Dy:lWyhWLaab4Tk+Hj+R9zQ/cI
                                                MD5:A00EBD3CF88D668BE6D62A25FA4FB525
                                                SHA1:EDB07EAFD08991611389293E2BE80F8EE98F1E62
                                                SHA-256:B44646453584305D4EDF8AB5F5D1ADEA6B9650BD2B75F8486FC275BE52B86433
                                                SHA-512:D63F0E9F2E079EE06AA3AB96A0BD2D169564896027B731EE2597327BDC55456C5FD0C2D8C7E68165FC80BBC3FE0C24A3388D4C3615F33FC9F9FC0B205AE9BA7A
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21968
                                                Entropy (8bit):4.611970126249341
                                                Encrypted:false
                                                SSDEEP:192:mDzmxD3T4qPWyhWtWvkJ0f5AbVWQ4OWpjL+CjH64NPsWFX01k9z3A/jMzy6oQfKg:uzQ5WyhW9aabOH+qaq1FR9zFzy6o+
                                                MD5:98340FFD2B1D8AFFEF27D4B1260AEAC5
                                                SHA1:B428B39AA814A7038A1DDFF9B64B935F51833A26
                                                SHA-256:7388A019922E9A0A3D05A8605A5307E3141B39F7D57B7FACA5D34E72ADFD5FA5
                                                SHA-512:6165C5BE0360D55403E9DFD4E9DF4FF9A12E5FB6057ED9278DA09E688751487E46D9DD64949375C00764CBB4355CC13A1EA714055050F2AB7D432977B8443F81
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):26064
                                                Entropy (8bit):4.83267900300456
                                                Encrypted:false
                                                SSDEEP:192:IaNYPvVX8rFTseWyhWGWvkJ0f5AbVWQ4OWKuWrg4NPsWFX01k9z3A/jMzyVy4Jt/:+PvVXIWyhWmaabiq1FR9zFzyVy0t/
                                                MD5:ABF9850EB219BE4976A94144A9EBA057
                                                SHA1:3D8C37588B36296240934B2F63A1B135A52FCEE2
                                                SHA-256:41C5C577FEA3CE13D5BEB64CE0920F1061F65BCF39EAFA8CD3DFC09FF48BCF76
                                                SHA-512:DFAAFB43CE7F05B2DB35EAC10B314FB506C6AADA80F6C4327B09EC33C170478EBD0EEA19F1C6CA2E4832BFA41F769046DECA8F15D54B7966134D166EE6036BDA
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.60028938499445
                                                Encrypted:false
                                                SSDEEP:192:WzGWWyhWLWGxVA6VWQ4+W8ksj6IVnKaQwP7yX01k9z3ATESQ:WKWWyhWrxdME6zaHeR9zKe
                                                MD5:2B36752A5157359DA1C0E646EE9BEC45
                                                SHA1:708AEB7E945C9C709109CEA359CB31BD7AC64889
                                                SHA-256:3E3EB284937B572D1D70CE27BE77B5E02EB73704C8B50FEB5EB933DB1FACD2FC
                                                SHA-512:FC56080362506E3F38F1B3EB9D3193CDB9E576613C2E672F0FE9DF203862F8A0F31938FA48B4FF7115DFE6016FA1FD5C5422FDC1913DF63B3FDE5F478A8417A1
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):18696
                                                Entropy (8bit):7.054510010549814
                                                Encrypted:false
                                                SSDEEP:384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
                                                MD5:BFFFA7117FD9B1622C66D949BAC3F1D7
                                                SHA1:402B7B8F8DCFD321B1D12FC85A1EE5137A5569B2
                                                SHA-256:1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
                                                SHA-512:B319CC7B436B1BE165CDF6FFCAB8A87FE29DE78F7E0B14C8F562BE160481FB5483289BD5956FDC1D8660DA7A3F86D8EEDE35C6CC2B7C3D4C852DECF4B2DCDB7F
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21984
                                                Entropy (8bit):4.593887597854681
                                                Encrypted:false
                                                SSDEEP:192:J3WyhWMRWGxVA6VWQ4OWdRzPyGI+X01k9z3ARfQvaB:J3WyhW4xdOLNrR9z2fAa
                                                MD5:567FF20A8D330CBB3278D3360C8D56F5
                                                SHA1:CDF0CFC650DA3A1B57DC3EF982A317D37FFB974D
                                                SHA-256:47DFBE1ECC8ABC002BD52DCD5281ED7378D457789BE4CB1E9BEE369150D7F5C8
                                                SHA-512:1643E900F13509F0EF9C7B7F8F2401FB3B6F2C0C39B512C623615DF92B1E69DF042EF1A0C6AACE82173CE5D4D3C672C1636D6EE05545CE5C3B7374AB745E0E87
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22016
                                                Entropy (8bit):4.7031581009601195
                                                Encrypted:false
                                                SSDEEP:192:mdxltWyhWPoLWvkJ0f5AbVWQ4+WbfiYKKWDKHjj3SX01k9z3A8G3UqcHmczE:mdxltWyhWgfaabn+Hj+R9zQ/cH9
                                                MD5:A8B967B65232ECCE7261EAECF39E7D6D
                                                SHA1:DF0792B29C19D46A93291C88A497151A0BA4366D
                                                SHA-256:8FCC9A97A8AD3BE9A8D0CE6BB502284DD145EBBE587B42CDEAA4262279517C1D
                                                SHA-512:B8116208EB646EC1C103F78C768C848EB9D8D7202EBDAB4ACB58686E6F0706F0D6AAA884E11065D7ECE63EBBD452F35B1422BD79E6EB2405FB1892758195CCBB
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.6351829753984415
                                                Encrypted:false
                                                SSDEEP:192:bsWyhWJKWGxVA6VWQ4mWGAJSh+kSobX01k9z3AITaNRkXE:IWyhWJ+xdwSK+R9zrTyWXE
                                                MD5:5872CB5CA3980697283AAB9007196AE6
                                                SHA1:26E8DE47D9BEE371F6C7A47F206A131965B6B481
                                                SHA-256:0DFF50774693FCB71782B5E214419032A8C00B3031151D93BE5C971B6F62CD45
                                                SHA-512:9B3E2FA9F66D29BFC7A4CA5D673B395BCDA223A85FD06C94A11217047C1A312148C9C6270D7F69DFEF06B25F8B5AD46717A829BDE55F540C804A4BA4C4AF070C
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21984
                                                Entropy (8bit):4.850862020859445
                                                Encrypted:false
                                                SSDEEP:192:nTvuBL3BBL8WyhWEWGxVA6VWQ4aWkFAmm2oRanX01k9z3AXmTNS:nTvuBL3BWWyhW0xdpzoRoR9zmMNS
                                                MD5:D042AA497CE2A9F03296F8DE68ED0680
                                                SHA1:F483A343A18B960630CCF0E6DE2F82883550F3BF
                                                SHA-256:DE3D2C5519F74A982F06F3F3FDA085571C0CDCF5AD8D2D331C79D9C92062BDC3
                                                SHA-512:4E157C8701860982CE0DEC956FE4BFB684D2DB3EAA9E784F179D385BE905FD0551BA90CC27C54179FC39A693D9C742364F2BF1A5444424BA5EAE38103B5F0E02
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21984
                                                Entropy (8bit):5.3342526172523606
                                                Encrypted:false
                                                SSDEEP:384:dnaOMw3zdp3bwjGzue9/0jCRrndb7WyhWmxdjOOP5AR9zhCa:sOMwBprwjGzue9/0jCRrndbh9BOOPO9b
                                                MD5:3589557535BBA7641DA3D76EEFB0C73D
                                                SHA1:6F63107C2212300C7CD1573059C08B43E5BD9B95
                                                SHA-256:642B01BB93D2CB529ACF56070D65AAE3202FD0B48D19FD40EC6763B627BCBEE6
                                                SHA-512:7AEDF3CF686B416F8B419F8AF1D57675096AB2C2378C5A006F6ECBF2FE1AD701F28B7BE8F08C9083230CF4D15D463371E92A6032178CD6C139D60B26FBD49B06
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.740278210147909
                                                Encrypted:false
                                                SSDEEP:192:yAWyhWKWGxVA6VWQ4aW1n4h+kSobX01k9z3AITQTGUBAPy:yAWyhW+xd7K+R9zrTQGUBAPy
                                                MD5:064FB2E1B5E90796A68D1EDF91269AD3
                                                SHA1:6E3A8C568F038879B7B102975A4471B2489F5493
                                                SHA-256:3500935E638F7D0AE2BF564BF77F9329811329261185FCDB9CD702B999889FFD
                                                SHA-512:821F091529D45531811A73664473CEBB372A310D855E1A4C1A028AD4DC7D36146D3030DCF10DE8A4A4BF16FB535FE3D0D2E1FCD22959690842388ABB177B0036
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21968
                                                Entropy (8bit):4.672247086235467
                                                Encrypted:false
                                                SSDEEP:192:uWyhWrLWvkJ0f5AbVWQ4OW1aX5F5CrIYYDX01k9z3AFZaLSq:uWyhWzaab35G7YDR9zua3
                                                MD5:D1BC9B3A7AA94D10C41FA16210AA9DBA
                                                SHA1:A358B824B1F26EAD420D2100E5F1A3FB74AF2B7A
                                                SHA-256:75652CAF05E86ADC88ED214FD208B4A289489CAC2B28FD358E302E2E7C3C338F
                                                SHA-512:149478DFCA0165D5A68E89070017CDA3400926284EAA2143A810138FF710079CDE413C031721DE5B58CB834F03D4C5DF5B4BD6C2BDB65687755AD77CAE778B30
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22008
                                                Entropy (8bit):4.8634948137535385
                                                Encrypted:false
                                                SSDEEP:192:KEFPiWyhWohWvkJ0f5AbVWQ46WKxzw7aaXYKKWDKHjj3SX01k9z3A8G3UqcQxeZ:VFqWyhWo5aabxdgT+Hj+R9zQ/ct
                                                MD5:4F1303827A67760D02FEB54E9258EDB1
                                                SHA1:340D7029C39708D14DA79B12A0E2ED0A8BC7C020
                                                SHA-256:77FC9ADF1A734D9717700B038B98B4337A494FC4F7E1E706C82E97DBCA896FD8
                                                SHA-512:20F067D1C2749C709E4FC45DA8D9EB5B813F54D0E09FA482D00BC4A7E5744C587D0AFC00CDD5263B4223FE94BAA3F8CA110D010339F9E3F1C6B2700888DBE3D0
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21976
                                                Entropy (8bit):5.208739061315261
                                                Encrypted:false
                                                SSDEEP:384:nck1JzNcKSIAWyhWq+xdGA7OOP5AR9zhCaopy:XcKSBiTOOPO9zXQy
                                                MD5:73586DECAD3B3D90653750504B356A5C
                                                SHA1:39A7EE1660CA1291314EF78150E397B1D8683E03
                                                SHA-256:34F560C3E56F40DB5DF695C967B6E302E961085BC037BB9A1C2D2C866A9DF48F
                                                SHA-512:9EC299E930D2B89AD379613F8FA63669EC7C858DA8A24608B92175F42B0BE75F8AA2E1727DABF7638AE9D2942D03840F288EAB53F2C9F38DBEA1325F1EA8B22B
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21984
                                                Entropy (8bit):4.77059866817924
                                                Encrypted:false
                                                SSDEEP:192:l/DfIegWyhWCWGxVA6VWQ4OW5FJxcVO2dPaIAX01k9z3A0Dean:l/DfIegWyhWmxdsaOOP5AR9zhCan
                                                MD5:774AA9F9318880CB4AD3BF6F464DA556
                                                SHA1:3A5C07CF35009C98EB033E1CBDE1900135D1ABF8
                                                SHA-256:BA9FBD3A21879614C050C86A74AD2FFFC0362266D6FA7BE0EF359DE393136346
                                                SHA-512:F7B57AFB9810E3390D27A5469572FB29F0F1726F599403A180E685466237DFF5DEC4FDCE40105EF1BB057E012D546308213E7CEC73E0D7D3C5815EEC8189A75D
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.564681131172823
                                                Encrypted:false
                                                SSDEEP:192:PWyhWInWGxVA6VWQ42Wdl7jjH+BEg7X01k9z3A7V3JwSL:PWyhWIfxdajsR9zQNJwC
                                                MD5:1BE729C6D9BF1B58F435B23E7F87BA49
                                                SHA1:4B2DF3FAB46A362EE46057C344995FA622E0672A
                                                SHA-256:4C425FBB8D2319D838733AB9CEC63A576639192D993909E70CF84F49C107F785
                                                SHA-512:CECCC5FF2BD90A91CFBB948F979576795FF0A9503DDAAFD268C14306F93D887975BD376B62ED688BE51BB88B3A0C54EF332BE93B4B0D8737B5AB70A661B11416
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21976
                                                Entropy (8bit):4.726837357543496
                                                Encrypted:false
                                                SSDEEP:192:cGeVjWyhWqsWGxVA6VWQ4eWkR7O2dPaIAX01k9z3A0Dea79VPtcnShB:cGeVjWyhWqMxdF7OOP5AR9zhCa79VSSH
                                                MD5:0B30C6862B5224CC429FE2EB2B7BF14B
                                                SHA1:5C3AFFA14E3BFDAFE09E9841A2920B57C7FCBC56
                                                SHA-256:D9C6F93C4972DB08C7888D55E8E59E8ABA022D416817D65BC96E5A258C859B5F
                                                SHA-512:B378F2A2812245EA948D81A925D041DBD7E7A8FB2770CF7DD47643DA20F5C685C6121479F95B293177A9480290B17C49E7B4FC10D33734CF883D2C614DAAE1BF
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.640021993384476
                                                Encrypted:false
                                                SSDEEP:192:kZyMvrNWyhWlWGxVA6VWQ42WEyzQTb8o+X01k9z3AC7HAXx:kZyMvJWyhWxxdmI+R9zFsB
                                                MD5:B65933F7BCADC7072D5A2D70ECBA9F81
                                                SHA1:C53561755B9F33D0AE7874B3A7D67BEDCB0129D8
                                                SHA-256:EADF535795DF58D4F52FC6237FE46FEB0F8166DACA5EAAA59CEC3CEE50A9181D
                                                SHA-512:4CBB8BDA8609404FE84CA36A8CBFE1D69C55DEE2B969231B2FA00CA9139D956196A2BABBB80A1A2BB430A34E6BD335294F452BCBE9E44411561EBDF21E4ABA91
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):5.119346292617446
                                                Encrypted:false
                                                SSDEEP:384:Okwidv3V0dfpkXc0vVaC4WyhWXxdAQ4HR9zmLbe:ZHdv3VqpkXc0vVajg54x9zA6
                                                MD5:BCCC676F2FB18C1A1864363E5A649A88
                                                SHA1:A095A83A32A4A65FE16AA0BE9A517239FAC5DB0D
                                                SHA-256:9D3F803DC791D2FF2E05059F9BB9207CC8F4134E1AC05F20EDD20CFADD6E72C0
                                                SHA-512:55AAB9FA6F7C4904E4BEEA4CE250F45FB71C2DD6A6F099F4017101EBC45C0A6E303B6A222F49C971992CAFE8988A042B7EF8E94671BE858C926105021514737A
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22008
                                                Entropy (8bit):4.80444685776187
                                                Encrypted:false
                                                SSDEEP:192:utZ3FWyhW3tWvkJ0f5AbVWQ42Wa+YcTH+BEg7X01k9z3A7V3lmG8D/:utZ3FWyhW39aabYYZR9zQNlmG8z
                                                MD5:B962237DF7EA045C325E7F97938097CB
                                                SHA1:1115E0E13ECC177D057E3D1C9644AC4D108F780A
                                                SHA-256:A24DD6AFDB4C4AA450AE4BC6A2861A49032170661B9C1F30CD0460C5DC57E0F7
                                                SHA-512:19AC4CCCAAA59FBAE042D03BA52D89F309BD2591B035F3EC3DF430FF399D650FCF9C4D897834A520DEA60DC0562A8A6F7D25A1FFFCD32F765A4EAFFE4C7D5EA2
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.862220735835615
                                                Encrypted:false
                                                SSDEEP:192:dgdKIMFqumaRWyhWZWGxVA6VWQ42W1Q3AQTb8o+X01k9z3ACQK6+HJJB3:yW7RWyhWNxdS3I+R9zFdr3
                                                MD5:E4893842D031B98CAC1C6F754A2A3F8D
                                                SHA1:2B0187134E40D27553A85DD4EC89DD6C40E58A24
                                                SHA-256:ABE4C1464B325365D38E0BC4AE729A17A7F6F7BA482935C66E6840E1B0D126C5
                                                SHA-512:FC61A66FDC7213857F204BD0B20671DB7092E0010E07B5E0E8E8408ACE8AC5B6E696A7D9FC969233B2B3AD5DAE4D3B291B007FF27A316E7FB750BFC93257C532
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.803252496733139
                                                Encrypted:false
                                                SSDEEP:192:+N9WyhW1WGxVA6VWQ42WgD6NoyUs+OX01k9z3AvqJgUm:+rWyhWhxd/2oiR9z9aUm
                                                MD5:B9A20C9223D3E3D3A0C359F001CE1046
                                                SHA1:9710B9A8C393BA00C254CF693C7C37990C447CC8
                                                SHA-256:00D9A7353BE0A54C17E4862B86196A8B2BC6A007899FA2FBE61AFD9765548068
                                                SHA-512:A7D5611C0B3B53DA6CAC61E0374D54D27E6E8A1AF90EF66CD7E1B052F906C8B3F6087F4C6DE0DB3AE0B099DF7689ECDE6C815A954B728D36D9D3B5D002CCF18E
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.588298513365634
                                                Encrypted:false
                                                SSDEEP:192:WWyhWcWGxVA6VWQ4+WsEYKKWDKHjj3SX01k9z3A8G3Uqcu1cYv:WWyhWcxd6+Hj+R9zQ/cOv
                                                MD5:F7FDC91AC711A9BB3391901957A25CEA
                                                SHA1:1CEBC5497E15051249C951677B5B550A1770C24F
                                                SHA-256:DE47C1F924DC12E41D3A123B7DCCE0260E7758B90FB95EC95C270FC116FC7599
                                                SHA-512:0E03C998622D6BF113E8D3B4DAB728974391EFECF59DF89F938BD22240488E71885C05FB0FA805948B3D9645758409A0966299B26625AA36E3FD6E519EE22769
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22008
                                                Entropy (8bit):4.888493923788704
                                                Encrypted:false
                                                SSDEEP:192:qvYWyhW36WvkJ0f5AbVWQ42WpDZ9H+BEg7X01k9z3A7V3yXmnJ:xWyhW3CaabWZyR9zQNnJ
                                                MD5:9EB2C06DECAAE1A109A94886A26EEC25
                                                SHA1:307CE096BEE44F54A6D37AAB1EF123FB423ED028
                                                SHA-256:DA8FD2FE08A531D2331C1FBEE9F4AE9015B64F24A2654A7F82418C86B4AB6909
                                                SHA-512:7E701CB00A4CAB8D5B3ECF55A16FEF0103F9BE1AA3FD7B53C7BAB968708C21E8D1C763AD80A7A8D6C76DD45DDD244C9C9E8944455C2025B4195660B61AC1E8B7
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):26120
                                                Entropy (8bit):4.866106712837678
                                                Encrypted:false
                                                SSDEEP:192:U9cyNWyhWQWGxVA6VWQ42WSFvQTb8o+X01k9z3ACVhjT4:9yNWyhWoxdDvI+R9zFn/4
                                                MD5:87E2934E49D7D111F383673F97D5029E
                                                SHA1:267603D5510B775DE3667F7D92BFAA3BD60E6533
                                                SHA-256:FB9DD774B25AB8E661C922CAFFB976C37A4D10A631AB65665DA60016EF0C4D7C
                                                SHA-512:E6025AD419359AD3E06CC7A3B3B7436464DBBC71B91653833575264A5F8B0D781844A411BCD915D404B9A8C0A056EAF6D4D412723936845B53BFB5368BF5F7A7
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.717570769278309
                                                Encrypted:false
                                                SSDEEP:192:/WyhWnWGxVA6VWQ42WwLGH+BEg7X01k9z3A7V3VoB8:/WyhWfxdJR9zQNVF
                                                MD5:E41612752A7DFBBE756322CF48E106B9
                                                SHA1:0EC106E926C9837A43E1D7EC8D1A5F03EDD5EC3D
                                                SHA-256:4BB9D36E0E034652F2331DDB43EE061608F436CBC9E5771B4D27B28FA10F5248
                                                SHA-512:9BED9399E896D1CC58CC06E8D7EC6CC3345BE6D15CA307C670E0F282C9EBE48A6CC1B145C2ECF94D84214CDDFF8F0D0D720EA984478C74C98E2499C2184638C9
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21984
                                                Entropy (8bit):5.176321081264249
                                                Encrypted:false
                                                SSDEEP:192:MpUEpnWlC0i5CVWyhWYWGxVA6VWQ4aWJpaAmm2oRanX01k9z3AXm47Kr:MptnWm5CVWyhWAxdPzoRoR9zmnKr
                                                MD5:102A8C01049EF18CC6E8798A9E5D57F4
                                                SHA1:9ADEF547E03032D8C5525CC9C7D4512FBEB53948
                                                SHA-256:E13EDAB280E7B3410D7F4CE30A8E8CAE64F38652D770FC3BF223206F0C57AAA5
                                                SHA-512:A9FBC726F33399F55F70967F3F1BF374589EAAD9581D9E94228D39AFA06CDCE31ED25BDC04805AAD361C7CAFBEB56CA39F6693259D67457199D4423A61B32263
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22016
                                                Entropy (8bit):4.835050556259989
                                                Encrypted:false
                                                SSDEEP:192:evh8Y17aFBR4WyhWn8WvkJ0f5AbVWQ4+WkY4YKKWDKHjj3SX01k9z3A8G3Uqc++V:oLNWyhW4aaboK+Hj+R9zQ/coP
                                                MD5:4B038CDC70357D2DEC440717AC344A52
                                                SHA1:F67BA87F6830858845A5763381A47893AF061BF8
                                                SHA-256:6A24E9CFB0EFD9E1B90053D4EBD87FC35144E61AE3F6555C7D400542D648E2B5
                                                SHA-512:9557F15FA3C06DE89EA8BE0C959B94575A1C4587151687730F9E66FED095FEB882D43EA32262000F871E6D860CE0C6C341CF5509A6CE81866F6D0EFACB8526FE
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.804974835587524
                                                Encrypted:false
                                                SSDEEP:192:LU7WyhWwWGxVA6VWQ4mWFWRPedZmp8TKjX01k9z3AZjTK3:yWyhWIxdcdsWAR9zWjTe
                                                MD5:75F1A5F65790560D9544F3FB70EFBA51
                                                SHA1:F30A5751901CFFFC250BE76E13A8B711EBC06BCC
                                                SHA-256:E0E02EA6C17DA186E25E352B78C80B1B3511B5C1590E5BA647B14A7B384AF0F8
                                                SHA-512:B7E285CA35F6A8AE2CCBE21594D72152175301A02AD6B92FE130E1E226A0FAAD1BFAD1BD49857401549C09B50FEEE2C42C23CA4C19B2845CAD090F5B9E8E8F63
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):30160
                                                Entropy (8bit):5.1168565520255935
                                                Encrypted:false
                                                SSDEEP:384:87yaFM4Oe59Ckb1hgmL5WyhWwaabGtdVUB3R9z3gD:qFMq59Bb1jrRziVUP9zW
                                                MD5:A592D1B2ECC42D1A083F0D34FEAE2444
                                                SHA1:29718AF390F832626FCDCC57C107333CDB5743E1
                                                SHA-256:18A827B01DE7B1A3D5C8D17B79AD2462A90308124448A9B8C47ECCDA39C3A095
                                                SHA-512:44BED6D24F1FA35B10D2B2B1574E7BAF10182E60FDCB6CBA5DD9DE5CD7A5183198925E4FA5A7E2896564A30F7B70DE69691713118D59BF5162CE35AFF5BCF7A6
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21968
                                                Entropy (8bit):4.851229770862897
                                                Encrypted:false
                                                SSDEEP:192:XeXrqjd7tWyhW5tWvkJ0f5AbVWQ4eWoNpSjCxUaNlA4ZQWHX01k9z3AwTj+W:X4rcWyhWXaabLSjCxDNaiHR9zb+
                                                MD5:E3914D51AFD864A6C6587AA9192C491B
                                                SHA1:BAE85701809BC259A8744AAFA45CD7159E6C13F8
                                                SHA-256:28257CC063431F78284335CE3002FFB71B75C1E7CCABF5417BB42392C35564B4
                                                SHA-512:43B1445A80D309EC73D52D6CF68F4533A132FB55AB672E5E2A878BB42C1CB36D6E4C504D43FA4923E692C8BE600F3F9D5A5EDDE80602636CB726EEDFCA23DFB8
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):26120
                                                Entropy (8bit):5.000201721861742
                                                Encrypted:false
                                                SSDEEP:192:4mGqX8mPrpJhhf4AN5/KipWyhWoWGxVA6VWQ42WYTYKdKRSp0X01k9z3APe5:4ysyr7/WyhWwxdFNsR00R9zOe5
                                                MD5:364BC49CC7034F8A9981ADE1CE565229
                                                SHA1:FBD76C1842D1CCF563ECE2DB32FFF4C71E7CA689
                                                SHA-256:6254FD07ACE88685112E3A7B73676AABF13A1B1BC30C55DD976B34FEA12B7F1D
                                                SHA-512:65E59E3358EB1BF26823C9538C74D343E7383591C021D2B340EF68AA9A274D65B15B30BBBE55F4B32E3A08FC79D4E179A6CE92EADB8C4BE09A2C35C348CE10AF
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):26112
                                                Entropy (8bit):5.270220884139207
                                                Encrypted:false
                                                SSDEEP:384:2V2oFVhzWyhWsaabVMO+Hj+R9zQ/ctPh:2Z/Vz5M5Hji9zmctPh
                                                MD5:8341F0371E25B8077FE61C89A9EF8144
                                                SHA1:FC185203E33ABED12E1398440CB2EE283CA9541A
                                                SHA-256:BD9A5D4554EF1A374257E8DD9436D89F686006ED1FD1CC44364B237BF5B795FF
                                                SHA-512:9C7E4E8D8E9E620F441AB5106820EC021D2B2323F44ED8CC8EC9673745DBC531347356F1FF195D63B62B09CC5C27E8F8641CE25BE12EE9B700B5FC766337228B
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):26104
                                                Entropy (8bit):5.26112044532341
                                                Encrypted:false
                                                SSDEEP:768:ACV5yguNvZ5VQgx3SbwA71IkFynzix9z40:r5yguNvZ5VQgx3SbwA71Ixnzijz40
                                                MD5:F9297B9FF06295BC07B7E5281B1FACE0
                                                SHA1:D0EB0FDDBB3EB187DF0F0E5F9DDFFCFC2E05F9B7
                                                SHA-256:C56A2EE0CC6DC1E7283B9BDA8B7B2DBA957329CB4BC9ACA4CD99F88E108F9C04
                                                SHA-512:BEC6222776015996EBA744698D3254945DFE4BB4DC0D85528EE59A0F3B5FC5BB054BBF496D562CFC7B4CC81B4D3DF5C53761931162A0091A49386233AFBA4F9C
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22016
                                                Entropy (8bit):5.221325175271056
                                                Encrypted:false
                                                SSDEEP:192:m+3hwDyWyhWRWvkJ0f5AbVWQ4+W6j8YKKWDKHjj3SX01k9z3A8G3Uqc8l8c:zWyhWpaabM+Hj+R9zQ/cS8c
                                                MD5:816A8932759BDB478D4263CACBF972E3
                                                SHA1:AC9F2BED41E340313501AA7D33DCD369748F0496
                                                SHA-256:CE9A8E18923D12E2F62CE2A20693113000FC361CC816773037C155C273B99E7C
                                                SHA-512:5144F01BEE04455D5B9A7B07E62F4AFB928605331213EB483265016640198C175DC08673903ED5BC16B385EE76657AA4303776233D04347D9D1DAADCE39525C4
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22024
                                                Entropy (8bit):4.786629061204274
                                                Encrypted:false
                                                SSDEEP:192:M/fHQduHWyhWYWGxVA6VWQ42WTch+kSobX01k9z3AITduTA0K:M/fRWyhWAxdNK+R9zrTd1/
                                                MD5:57D3EE548DB3A503AC391AF798E0E2A2
                                                SHA1:D686A96C5046D6D7A022C4266A5D0014745360A4
                                                SHA-256:2C80280E51C242466E10A36A0BF2A341607983B6F6648F93B0718B34AB5285C5
                                                SHA-512:F3EA9C8F2F230D23BC878E37044599B2C77F0BF6DD84B07C2F87A84263FB9AC7F44732F05E14781B6046AFB2A39F27135C96D2DA2AB9605BD00E55D9B0FFFB0B
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                Category:dropped
                                                Size (bytes):1847603
                                                Entropy (8bit):5.576587358103163
                                                Encrypted:false
                                                SSDEEP:24576:mQR5pATu7xm4lUKdcubgAnyfbazZ0iwh9EpdYf9P3sLoThUdWQhuHHa:mQR5plxm+zJ5uUwQ5
                                                MD5:E17CE7183E682DE459EEC1A5AC9CBBFF
                                                SHA1:722968CA6EB123730EBC30FF2D498F9A5DAD4CC1
                                                SHA-256:FF6A37C49EE4BB07A763866D4163126165038296C1FB7B730928297C25CFBE6D
                                                SHA-512:FAB76B59DCD3570695FA260F56E277F8D714048F3D89F6E9F69EA700FCA7C097D0DB5F5294BEAB4E6409570408F1D680E8220851FEDEDB981ACB129A415358D1
                                                Malicious:false
                                                Preview:PK..........!.h%..b...b......._collections_abc.pyc
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):301568
                                                Entropy (8bit):6.375720417060108
                                                Encrypted:false
                                                SSDEEP:6144:GSL1oP995ooVABNirLq0l/IzkQ37P6BdeAb6:Gh19NO7irLq0l/IzB37Pe6
                                                MD5:03EF5E8DA65667751E1FD3FA0C182D3E
                                                SHA1:4608D1EFCA23143006C1338DEDA144A2F3BB8A16
                                                SHA-256:3D1C66BDCB4FA0B8E917895E1B4D62EE14260EAA1BD6FE908877C47585EC6127
                                                SHA-512:C094A3DFBD863726524C56DAB2592B3513A3A8C445BCAAC6CFB41A5DDEC3079D9B1F849C6826C1CC4241CA8B0AA44E33D2502BB20856313966AF31F480BA8811
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):275233
                                                Entropy (8bit):6.04917730761317
                                                Encrypted:false
                                                SSDEEP:6144:QW1H/M8fRR0mNplkXCRrVADwYCuCigT/Q5MSRqNb7d8N:QWN/TRLNLWCRrI55MWavdA
                                                MD5:59A15F9A93DCDAA5BFCA246B84FA936A
                                                SHA1:7F295EA74FC7ED0AF0E92BE08071FB0B76C8509E
                                                SHA-256:2C11C3CE08FFC40D390319C72BC10D4F908E9C634494D65ED2CBC550731FD524
                                                SHA-512:746157A0FCEDC67120C2A194A759FA8D8E1F84837E740F379566F260E41AA96B8D4EA18E967E3D1AA1D65D5DE30453446D8A8C37C636C08C6A3741387483A7D7
                                                Malicious:false
                                                Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):10752
                                                Entropy (8bit):4.663205590455457
                                                Encrypted:false
                                                SSDEEP:96:qlTp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCFNGioUjQcX6g8cim1qeSju1:ql12HzzjBbRYoesfoRcqgvimoe
                                                MD5:FA50D9F8BCE6BD13652F5090E7B82C4D
                                                SHA1:EE137DA302A43C2F46D4323E98FFD46D92CF4BEF
                                                SHA-256:FFF69928DEA1432E0C7CB1225AB96F94FD38D5D852DE9A6BB8BF30B7D2BEDCEB
                                                SHA-512:341CEC015E74348EAB30D86EBB35C028519703006814A2ECD19B9FE5E6FCB05EDA6DDE0AAF4FE624D254B0D0180EC32ADF3B93EE96295F8F0F4C9D4ED27A7C0C
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):115712
                                                Entropy (8bit):5.890497931382238
                                                Encrypted:false
                                                SSDEEP:1536:rKLwVA2epJbdfD3NTSGkzsvDNIWN4ZgibPq0kgIWgymA5TGK2MLVur:rKL/dhTMzsbNd9ibPavPA5TGK7Qr
                                                MD5:2D1F2FFD0FECF96A053043DAAD99A5DF
                                                SHA1:B03D5F889E55E802D3802D0F0CAA4D29C538406B
                                                SHA-256:207BBAE9DDF8BDD64E65A8D600FE1DD0465F2AFCD6DC6E28D4D55887CD6CBD13
                                                SHA-512:4F7D68F241A7F581E143A010C78113154072C63ADFF5F200EF67EB34D766D14CE872D53183EB2B96B1895AA9C8D4CA82EE5E61E1C5E655FF5BE56970BE9EBE3E
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):4
                                                Entropy (8bit):1.5
                                                Encrypted:false
                                                SSDEEP:3:Mn:M
                                                MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                Malicious:false
                                                Preview:pip.
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):197
                                                Entropy (8bit):4.61968998873571
                                                Encrypted:false
                                                SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                Malicious:false
                                                Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):11360
                                                Entropy (8bit):4.426756947907149
                                                Encrypted:false
                                                SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                Malicious:false
                                                Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):1532
                                                Entropy (8bit):5.058591167088024
                                                Encrypted:false
                                                SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                Malicious:false
                                                Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):5292
                                                Entropy (8bit):5.115601723451997
                                                Encrypted:false
                                                SSDEEP:96:DxJJpqZink/QIHQIyzQIZQILuQIR8vtklGovxNx6sWwCvCCcTKvIrrg9BMM6VwD/:vJnkoBs/sqLz8cTKvIrrUiM6VwDjyeWs
                                                MD5:2C87710E3BC115CA8A5E0502DC736D50
                                                SHA1:FDB0CAE5C1C02D431EE086FCF244BBF259D844A6
                                                SHA-256:93D7894BED7E8613D74E27587C01831E848B402803EF778EAFA8A5017A34F02E
                                                SHA-512:E642EC9ADB6C5A2330677713E1F58B9D280FF02D43303B8EE7BA2113351FCA653341691CF55485D07ADAA57800329C169C1B59117893420D011C0035673B39E7
                                                Malicious:false
                                                Preview:Metadata-Version: 2.1..Name: cryptography..Version: 41.0.4..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:CSV text
                                                Category:dropped
                                                Size (bytes):15334
                                                Entropy (8bit):5.552208695627315
                                                Encrypted:false
                                                SSDEEP:384:IXYU/ZfaigkeVJN5Z6FGotqw+x6uvnPLEC:IoUxfzpctZEC
                                                MD5:9070E7C53E544DB0D7D3C4DC69B71904
                                                SHA1:8E19945D6FC68C388F6E7AC348239524EB9E85CC
                                                SHA-256:194667D355272CD86AB7C9AD92B99450C13237AD187911F8E19663D49478CED4
                                                SHA-512:453E4939DAB7F64A9BC47C557EE0634429C9897C52B1C01558BAB554C42E5FB3D0CF237EF1BD655CF7CF705904F021601F053A25B8E24AB0153B3C0283042007
                                                Malicious:false
                                                Preview:cryptography-41.0.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-41.0.4.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-41.0.4.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-41.0.4.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-41.0.4.dist-info/METADATA,sha256=k9eJS-1-hhPXTidYfAGDHoSLQCgD73eOr6ilAXo08C4,5292..cryptography-41.0.4.dist-info/RECORD,,..cryptography-41.0.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-41.0.4.dist-info/WHEEL,sha256=49eUReSKRf2dQNtI9qGzVetjmVVeuTcyo4y-daK7Wcg,100..cryptography-41.0.4.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=QoWTuIXfz5CTOnAMXDj5J9gWmaBajYMZHmfFyqeYRHE,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/_
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):100
                                                Entropy (8bit):5.027885415836537
                                                Encrypted:false
                                                SSDEEP:3:RtEeX7MWcSlVlF5jP+tkKc/SKQLn:RtBMwlVNWKxDQLn
                                                MD5:6D58A9154ADC6298D1D966316ABF1578
                                                SHA1:99FB4F5E458E79E756650C31A3D086D34C766493
                                                SHA-256:E3D79445E48A45FD9D40DB48F6A1B355EB6399555EB93732A38CBE75A2BB59C8
                                                SHA-512:F8941397E1FB58786BA8C2AF1E86AD0ECD83BF57C72E4B0127D7C5C46DA52EEF5CACCCD84E055D4F35072841AC7A2940EFD394E6227D3BCBC2E0656B3947C050
                                                Malicious:false
                                                Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.41.2).Root-Is-Purelib: false.Tag: cp37-abi3-win_amd64..
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):13
                                                Entropy (8bit):3.2389012566026314
                                                Encrypted:false
                                                SSDEEP:3:cOv:Nv
                                                MD5:E7274BD06FF93210298E7117D11EA631
                                                SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                Malicious:false
                                                Preview:cryptography.
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):6642688
                                                Entropy (8bit):6.577039518750405
                                                Encrypted:false
                                                SSDEEP:196608:WW58e0d+4d/PELa7tuWcjF8Qocmwis1J:WW58e0dbd/P6EtKjF8
                                                MD5:0617BE8F80712BFECC5B6551B0611C54
                                                SHA1:8211673695BE21AFB30ABDE8F63E6321B4E2A492
                                                SHA-256:DCB9980557FD18E59A075758236DA0D3FCD445FAE2EF990E670CC5DA1A67FC73
                                                SHA-512:2343786E5D40771D688FE5582DCA2240B8821C957F51EB7CFB63A679BD5D71A126FEE2BCD5E91FEB205117A49220610DAF302C95E245C34A0A8C6E061262C31A
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):3445016
                                                Entropy (8bit):6.099467326309974
                                                Encrypted:false
                                                SSDEEP:98304:+/+YgEQaGDoWS04ki7x+QRsZ51CPwDv3uFfJx:MLgEXGUZ37x+VZ51CPwDv3uFfJx
                                                MD5:E94733523BCD9A1FB6AC47E10A267287
                                                SHA1:94033B405386D04C75FFE6A424B9814B75C608AC
                                                SHA-256:F20EB4EFD8647B5273FDAAFCEB8CCB2B8BA5329665878E01986CBFC1E6832C44
                                                SHA-512:07DD0EB86498497E693DA0F9DD08DE5B7B09052A2D6754CFBC2AA260E7F56790E6C0A968875F7803CB735609B1E9B9C91A91B84913059C561BFFED5AB2CBB29F
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):39696
                                                Entropy (8bit):6.641880464695502
                                                Encrypted:false
                                                SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):704792
                                                Entropy (8bit):5.55753143710539
                                                Encrypted:false
                                                SSDEEP:12288:ihO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0T9qwfU2lvzA:iis/POtrzbLp5dQ0T9qcU2lvzA
                                                MD5:25BDE25D332383D1228B2E66A4CB9F3E
                                                SHA1:CD5B9C3DD6AAB470D445E3956708A324E93A9160
                                                SHA-256:C8F7237E7040A73C2BEA567ACC9CEC373AADD48654AAAC6122416E160F08CA13
                                                SHA-512:CA2F2139BB456799C9F98EF8D89FD7C09D1972FA5DD8FC01B14B7AF00BF8D2C2175FB2C0C41E49A6DAF540E67943AAD338E33C1556FD6040EF06E0F25BFA88FA
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):67352
                                                Entropy (8bit):6.146621901948148
                                                Encrypted:false
                                                SSDEEP:768:rw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJSy:8/5k8cnzeJf9IPL037SyG3Px
                                                MD5:B711598FC3ED0FE4CF2C7F3E0877979E
                                                SHA1:299C799E5D697834AA2447D8A313588AB5C5E433
                                                SHA-256:520169AA6CF49D7EE724D1178DE1BE0E809E4BDCF671E06F3D422A0DD5FD294A
                                                SHA-512:B3D59EFF5E38CEF651C9603971BDE77BE7231EA8B7BDB444259390A8A9E452E107A0B6CB9CC93E37FD3B40AFB2BA9E67217D648BFCA52F7CDC4B60C7493B6B84
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):5762840
                                                Entropy (8bit):6.089392282930885
                                                Encrypted:false
                                                SSDEEP:49152:73djosVvASxQKADxYBVD0NErnKqroleDkcWE/Q3pPITbwVFZL7VgVr42I1vJHH++:73ZOKRtlrJ7wfGrs1BHeM+2PocL2
                                                MD5:5A5DD7CAD8028097842B0AFEF45BFBCF
                                                SHA1:E247A2E460687C607253949C52AE2801FF35DC4A
                                                SHA-256:A811C7516F531F1515D10743AE78004DD627EBA0DC2D3BC0D2E033B2722043CE
                                                SHA-512:E6268E4FAD2CE3EF16B68298A57498E16F0262BF3531539AD013A66F72DF471569F94C6FCC48154B7C3049A3AD15CBFCBB6345DACB4F4ED7D528C74D589C9858
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):30480
                                                Entropy (8bit):6.578957517354568
                                                Encrypted:false
                                                SSDEEP:384:N1ecReJKrHqDUI7A700EZ9IPQGNHQIYiSy1pCQn1tPxh8E9VF0NykfF:3eUeJGHqNbD9IPQGR5YiSyvnnPxWEuN
                                                MD5:C97A587E19227D03A85E90A04D7937F6
                                                SHA1:463703CF1CAC4E2297B442654FC6169B70CFB9BF
                                                SHA-256:C4AA9A106381835CFB5F9BADFB9D77DF74338BC66E69183757A5A3774CCDACCF
                                                SHA-512:97784363F3B0B794D2F9FD6A2C862D64910C71591006A34EEDFF989ECCA669AC245B3DFE68EAA6DA621209A3AB61D36E9118EBB4BE4C0E72CE80FAB7B43BDE12
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):1016584
                                                Entropy (8bit):6.669319438805479
                                                Encrypted:false
                                                SSDEEP:24576:VkmZDEMHhp9v1Ikbn3ND0TNVOsIut8P4zmxvSZX0yplkA:mmZFHhp9v1Io3h0TN3pvkA
                                                MD5:0E0BAC3D1DCC1833EAE4E3E4CF83C4EF
                                                SHA1:4189F4459C54E69C6D3155A82524BDA7549A75A6
                                                SHA-256:8A91052EF261B5FBF3223AE9CE789AF73DFE1E9B0BA5BDBC4D564870A24F2BAE
                                                SHA-512:A45946E3971816F66DD7EA3788AACC384A9E95011500B458212DC104741315B85659E0D56A41570731D338BDF182141C093D3CED222C007038583CEB808E26FD
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):1141016
                                                Entropy (8bit):5.435086202175289
                                                Encrypted:false
                                                SSDEEP:12288:83kYbfjwR6nblonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1ol:8UYbMA0IDJcjEwPgPOG6Xyd461ol
                                                MD5:AA13EE6770452AF73828B55AF5CD1A32
                                                SHA1:C01ECE61C7623E36A834D8B3C660E7F28C91177E
                                                SHA-256:8FBED20E9225FF82132E97B4FEFBB5DDBC10C062D9E3F920A6616AB27BB5B0FB
                                                SHA-512:B2EEB9A7D4A32E91084FDAE302953AAC57388A5390F9404D8DFE5C4A8F66CA2AB73253CF5BA4CC55350D8306230DD1114A61E22C23F42FBCC5C0098046E97E0F
                                                Malicious:false
                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Entropy (8bit):7.9846007116091435
                                                TrID:
                                                • Win64 Executable GUI (202006/5) 77.37%
                                                • InstallShield setup (43055/19) 16.49%
                                                • Win64 Executable (generic) (12005/4) 4.60%
                                                • Generic Win/DOS Executable (2004/3) 0.77%
                                                • DOS Executable Generic (2002/1) 0.77%
                                                File name:LisectAVT_2403002A_441.exe
                                                File size:11'819'953 bytes
                                                MD5:192d5d6258df991016c9163d71c9dfa0
                                                SHA1:2fc676f9fff99ce1404b9a73beaf4d5a9e0ed249
                                                SHA256:1828da209199d572416e9123480640280b77b9941eed2e95a8b2aff64cbf61d2
                                                SHA512:61ed79c4026aa69532800c664f85563e06b17c9d40ab3d5ac0214f8a0fc243e19243f3c87632be3725b094cc4f9ef54efe9791757f67d7ebc88c64e82b6c5d0d
                                                SSDEEP:196608:LaDuK50mr2puHUHNTk4FMIZETSejPePdrQJFSErBNOqipwRnYPv1i:aKmr2pu0tTkQETSevJc6OqGini1
                                                TLSH:4DC6335470F43D98D9598039C9928850D56EFCBF07A1B1C633F8366B27B3A6F582E932
                                                Icon Hash:32507ee6c6f2324f
                                                Entrypoint:0x14000b310
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x140000000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x65FA883D [Wed Mar 20 06:54:53 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:5
                                                OS Version Minor:2
                                                File Version Major:5
                                                File Version Minor:2
                                                Subsystem Version Major:5
                                                Subsystem Version Minor:2
                                                Import Hash:0b5552dccd9d0a834cea55c0c8fc05be
                                                Instruction
                                                push ebx
                                                dec eax
                                                sub esp, 20h
                                                cmp byte ptr [000411BCh], 00000000h
                                                mov ebx, ecx
                                                jne 00007F6B25093DD9h
                                                cmp ecx, 01h
                                                jnbe 00007F6B25093DDCh
                                                call 00007F6B250944BAh
                                                test eax, eax
                                                je 00007F6B25093D9Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bd0c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x275cc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20c4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7a000 | 0x758 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39480 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39340 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x418 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28800 | 0x28800 | 443d51fb84559b563832949912f06b00 | False | 0.5583465952932098 | data | 6.488023200564254 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x12b16 | 0x12c00 | d7626949e38ebe83e66fc34540060189 | False | 0.51546875 | data | 5.824648236150145 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x103f8 | 0xe00 | afabb66fdcd2825de5909f10c900fca7 | False | 0.13309151785714285 | DOS executable (block device driver \377\3) | 1.8096886543499544 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4e000 | 0x20c4 | 0x2200 | 7b210ceebebc00c96d1c55c2b456bbb4 | False | 0.47794117647058826 | data | 5.274096406482418 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x15c | 0x200 | c059b775abce97446903f3597b027fae | False | 0.384765625 | data | 2.808567494642619 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0x275cc | 0x27600 | c8641b21008856e511395a59404e232c | False | 0.12509300595238096 | data | 3.602724069482839 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x7a000 | 0x758 | 0x800 | 11aaafc72361ec8886a740c3e209ceb3 | False | 0.544921875 | data | 5.2576643703968475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x52298 | 0x2fab | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | | | 0.7577644841432435
RT_ICON | 0x55244 | 0x136f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8854271356783919
RT_ICON | 0x565b4 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.02651425529397847
RT_ICON | 0x66ddc | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.033582089552238806
RT_ICON | 0x70284 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.043811998110533774
RT_ICON | 0x744ac | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.05995850622406639
RT_ICON | 0x76a54 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.09662288930581614
RT_ICON | 0x77afc | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.1389344262295082
RT_ICON | 0x78484 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | | | 0.14593023255813953
RT_ICON | 0x78b3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.18439716312056736
RT_GROUP_ICON | 0x78fa4 | 0x92 | data | | | 0.6986301369863014
RT_MANIFEST | 0x79038 | 0x591 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.44701754385964915

DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, IsValidCodePage, GetACP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetOEMCP, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetEndOfFile, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-25T20:05:09.638875+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49716 | 20.12.23.50 | 192.168.2.11
2024-07-25T20:04:31.621308+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49710 | 20.12.23.50 | 192.168.2.11

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 25, 2024 20:04:17.119529963 CEST | 49709 | 1007 | 192.168.2.11 | 103.215.124.97
Jul 25, 2024 20:04:17.128334999 CEST | 1007 | 49709 | 103.215.124.97 | 192.168.2.11
Jul 25, 2024 20:04:17.129113913 CEST | 49709 | 1007 | 192.168.2.11 | 103.215.124.97
Jul 25, 2024 20:04:17.129245043 CEST | 49709 | 1007 | 192.168.2.11 | 103.215.124.97
Jul 25, 2024 20:04:17.136832952 CEST | 1007 | 49709 | 103.215.124.97 | 192.168.2.11
Jul 25, 2024 20:05:07.128854036 CEST | 1007 | 49709 | 103.215.124.97 | 192.168.2.11
Jul 25, 2024 20:05:07.129184008 CEST | 49709 | 1007 | 192.168.2.11 | 103.215.124.97
Jul 25, 2024 20:05:07.129724979 CEST | 49709 | 1007 | 192.168.2.11 | 103.215.124.97
Jul 25, 2024 20:05:07.135345936 CEST | 1007 | 49709 | 103.215.124.97 | 192.168.2.11
                                                • 103.215.124.97:1007

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49709 | 103.215.124.97 | 1007 | 7452 | C:\Users\user\Desktop\LisectAVT_2403002A_441.exe

Timestamp | Bytes transferred | Direction | Data
Jul 25, 2024 20:04:17.129245043 CEST | 164 | OUT | GET /download/1.txt HTTP/1.1
Host: 103.215.124.97:1007
User-Agent: python-requests/2.31.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive



                                                Target ID:0
                                                Start time:14:04:13
                                                Start date:25/07/2024
                                                Path:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\Desktop\LisectAVT_2403002A_441.exe"
                                                Imagebase:0x7ff638110000
                                                File size:11'819'953 bytes
                                                MD5 hash:192D5D6258DF991016C9163D71C9DFA0
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                Target ID:2
                                                Start time:14:04:15
                                                Start date:25/07/2024
                                                Path:C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\Desktop\LisectAVT_2403002A_441.exe"
                                                Imagebase:0x7ff638110000
                                                File size:11'819'953 bytes
                                                MD5 hash:192D5D6258DF991016C9163D71C9DFA0
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true


                                                  Execution Graph

                                                  Execution Coverage:11.6%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:16.3%
                                                  Total number of Nodes:2000
                                                  Total number of Limit Nodes:59
15512->15507 15512->15511 15515 7ff638122194 15512->15515 15519 7ff638122800 15512->15519 15545 7ff6381224c8 15512->15545 15575 7ff638121d50 15512->15575 15578 7ff638123a20 15512->15578 15517 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15515->15517 15517->15507 15520 7ff638122842 15519->15520 15521 7ff6381228b5 15519->15521 15522 7ff638122848 15520->15522 15523 7ff6381228df 15520->15523 15524 7ff6381228ba 15521->15524 15525 7ff63812290f 15521->15525 15531 7ff63812284d 15522->15531 15534 7ff63812291e 15522->15534 15602 7ff638120db0 15523->15602 15526 7ff6381228bc 15524->15526 15527 7ff6381228ef 15524->15527 15525->15523 15525->15534 15543 7ff638122878 15525->15543 15528 7ff63812285d 15526->15528 15533 7ff6381228cb 15526->15533 15609 7ff6381209a0 15527->15609 15544 7ff63812294d 15528->15544 15584 7ff638123164 15528->15584 15531->15528 15535 7ff638122890 15531->15535 15531->15543 15533->15523 15537 7ff6381228d0 15533->15537 15534->15544 15616 7ff6381211c0 15534->15616 15535->15544 15594 7ff638123620 15535->15594 15537->15544 15598 7ff6381237b8 15537->15598 15539 7ff63811ad80 _wfindfirst32i64 8 API calls 15541 7ff638122be3 15539->15541 15541->15512 15543->15544 15623 7ff63812da00 15543->15623 15544->15539 15546 7ff6381224e9 15545->15546 15547 7ff6381224d3 15545->15547 15550 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15546->15550 15561 7ff638122527 15546->15561 15548 7ff638122842 15547->15548 15549 7ff6381228b5 15547->15549 15547->15561 15551 7ff638122848 15548->15551 15552 7ff6381228df 15548->15552 15553 7ff6381228ba 15549->15553 15554 7ff63812290f 15549->15554 15550->15561 15555 7ff63812291e 15551->15555 15562 7ff63812284d 15551->15562 15556 7ff638120db0 38 API calls 15552->15556 15557 7ff6381228ef 15553->15557 15558 7ff6381228bc 15553->15558 15554->15552 15554->15555 15573 7ff638122878 15554->15573 15566 7ff6381211c0 38 API calls 15555->15566 15574 7ff63812294d 15555->15574 15556->15573 15559 7ff6381209a0 38 API calls 15557->15559 15563 7ff6381228cb 
15558->15563 15565 7ff63812285d 15558->15565 15559->15573 15560 7ff638123164 47 API calls 15560->15573 15561->15512 15564 7ff638122890 15562->15564 15562->15565 15562->15573 15563->15552 15567 7ff6381228d0 15563->15567 15568 7ff638123620 47 API calls 15564->15568 15564->15574 15565->15560 15565->15574 15566->15573 15570 7ff6381237b8 37 API calls 15567->15570 15567->15574 15568->15573 15569 7ff63811ad80 _wfindfirst32i64 8 API calls 15571 7ff638122be3 15569->15571 15570->15573 15571->15512 15572 7ff63812da00 47 API calls 15572->15573 15573->15572 15573->15574 15574->15569 15779 7ff63811ff74 15575->15779 15579 7ff638123a37 15578->15579 15796 7ff63812cb60 15579->15796 15585 7ff638123186 15584->15585 15633 7ff63811fde0 15585->15633 15590 7ff6381232c3 15592 7ff638123a20 45 API calls 15590->15592 15593 7ff63812334c 15590->15593 15591 7ff638123a20 45 API calls 15591->15590 15592->15593 15593->15543 15595 7ff6381236a0 15594->15595 15596 7ff638123638 15594->15596 15595->15543 15596->15595 15597 7ff63812da00 47 API calls 15596->15597 15597->15595 15601 7ff6381237d9 15598->15601 15599 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15600 7ff63812380a 15599->15600 15600->15543 15601->15599 15601->15600 15603 7ff638120de3 15602->15603 15604 7ff638120e12 15603->15604 15606 7ff638120ecf 15603->15606 15605 7ff63811fde0 12 API calls 15604->15605 15608 7ff638120e4f 15604->15608 15605->15608 15607 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15606->15607 15607->15608 15608->15543 15610 7ff6381209d3 15609->15610 15611 7ff638120a02 15610->15611 15613 7ff638120abf 15610->15613 15612 7ff63811fde0 12 API calls 15611->15612 15615 7ff638120a3f 15611->15615 15612->15615 15614 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15613->15614 15614->15615 15615->15543 15617 7ff6381211f3 15616->15617 15618 7ff638121222 15617->15618 15620 7ff6381212df 15617->15620 15619 7ff63811fde0 12 API calls 15618->15619 15622 7ff63812125f 15618->15622 15619->15622 15621 7ff638129ce4 
_invalid_parameter_noinfo 37 API calls 15620->15621 15621->15622 15622->15543 15624 7ff63812da28 15623->15624 15626 7ff638123a20 45 API calls 15624->15626 15627 7ff63812da6d 15624->15627 15629 7ff63812da2d __scrt_get_show_window_mode 15624->15629 15631 7ff63812da56 __scrt_get_show_window_mode 15624->15631 15625 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15625->15629 15626->15627 15627->15629 15627->15631 15776 7ff63812f0b8 15627->15776 15629->15543 15631->15625 15631->15629 15634 7ff63811fe17 15633->15634 15640 7ff63811fe06 15633->15640 15634->15640 15663 7ff63812cacc 15634->15663 15636 7ff63811fe58 15639 7ff638129e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15636->15639 15638 7ff638129e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15638->15636 15639->15640 15641 7ff63812d718 15640->15641 15642 7ff63812d768 15641->15642 15643 7ff63812d735 15641->15643 15642->15643 15645 7ff63812d79a 15642->15645 15644 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15643->15644 15653 7ff6381232a1 15644->15653 15646 7ff63812d8ad 15645->15646 15658 7ff63812d7e2 15645->15658 15647 7ff63812d99f 15646->15647 15649 7ff63812d965 15646->15649 15651 7ff63812d934 15646->15651 15654 7ff63812d8f7 15646->15654 15655 7ff63812d8ed 15646->15655 15703 7ff63812cc04 15647->15703 15696 7ff63812cf9c 15649->15696 15689 7ff63812d27c 15651->15689 15653->15590 15653->15591 15679 7ff63812d4ac 15654->15679 15655->15649 15657 7ff63812d8f2 15655->15657 15657->15651 15657->15654 15658->15653 15670 7ff6381291ac 15658->15670 15661 7ff638129dd0 _wfindfirst32i64 17 API calls 15662 7ff63812d9fc 15661->15662 15664 7ff63812cb17 15663->15664 15668 7ff63812cadb _get_daylight 15663->15668 15666 7ff638124444 _get_daylight 11 API calls 15664->15666 15665 7ff63812cafe RtlAllocateHeap 15667 7ff63811fe44 15665->15667 15665->15668 15666->15667 15667->15636 15667->15638 15668->15664 15668->15665 15669 7ff6381326b0 _get_daylight 2 API calls 15668->15669 15669->15668 15671 
7ff6381291b9 15670->15671 15672 7ff6381291c3 15670->15672 15671->15672 15677 7ff6381291de 15671->15677 15673 7ff638124444 _get_daylight 11 API calls 15672->15673 15674 7ff6381291ca 15673->15674 15675 7ff638129db0 _invalid_parameter_noinfo 37 API calls 15674->15675 15676 7ff6381291d6 15675->15676 15676->15653 15676->15661 15677->15676 15678 7ff638124444 _get_daylight 11 API calls 15677->15678 15678->15674 15712 7ff6381331cc 15679->15712 15683 7ff63812d5a9 15765 7ff63812d098 15683->15765 15684 7ff63812d554 15684->15683 15686 7ff63812d574 15684->15686 15688 7ff63812d558 15684->15688 15761 7ff63812d354 15686->15761 15688->15653 15690 7ff6381331cc 38 API calls 15689->15690 15691 7ff63812d2c6 15690->15691 15692 7ff638132c14 37 API calls 15691->15692 15693 7ff63812d316 15692->15693 15694 7ff63812d31a 15693->15694 15695 7ff63812d354 45 API calls 15693->15695 15694->15653 15695->15694 15697 7ff6381331cc 38 API calls 15696->15697 15698 7ff63812cfe7 15697->15698 15699 7ff638132c14 37 API calls 15698->15699 15700 7ff63812d03f 15699->15700 15701 7ff63812d043 15700->15701 15702 7ff63812d098 45 API calls 15700->15702 15701->15653 15702->15701 15704 7ff63812cc49 15703->15704 15705 7ff63812cc7c 15703->15705 15706 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15704->15706 15707 7ff63812cc94 15705->15707 15709 7ff63812cd15 15705->15709 15711 7ff63812cc75 __scrt_get_show_window_mode 15706->15711 15708 7ff63812cf9c 46 API calls 15707->15708 15708->15711 15710 7ff638123a20 45 API calls 15709->15710 15709->15711 15710->15711 15711->15653 15713 7ff63813321f fegetenv 15712->15713 15714 7ff63813712c 37 API calls 15713->15714 15718 7ff638133272 15714->15718 15715 7ff63813329f 15720 7ff6381291ac __std_exception_copy 37 API calls 15715->15720 15716 7ff638133362 15717 7ff63813712c 37 API calls 15716->15717 15719 7ff63813338c 15717->15719 15718->15716 15722 7ff63813328d 15718->15722 15723 7ff63813333c 15718->15723 15724 7ff63813712c 37 API calls 15719->15724 15721 7ff63813331d 15720->15721 
15725 7ff638134444 15721->15725 15731 7ff638133325 15721->15731 15722->15715 15722->15716 15726 7ff6381291ac __std_exception_copy 37 API calls 15723->15726 15727 7ff63813339d 15724->15727 15728 7ff638129dd0 _wfindfirst32i64 17 API calls 15725->15728 15726->15721 15729 7ff638137320 20 API calls 15727->15729 15730 7ff638134459 15728->15730 15739 7ff638133406 __scrt_get_show_window_mode 15729->15739 15732 7ff63811ad80 _wfindfirst32i64 8 API calls 15731->15732 15733 7ff63812d4f9 15732->15733 15757 7ff638132c14 15733->15757 15734 7ff6381337af __scrt_get_show_window_mode 15735 7ff638133447 memcpy_s 15743 7ff638133d8b memcpy_s __scrt_get_show_window_mode 15735->15743 15744 7ff6381338a3 memcpy_s __scrt_get_show_window_mode 15735->15744 15736 7ff638133aef 15737 7ff638132d30 37 API calls 15736->15737 15745 7ff638134207 15737->15745 15738 7ff638133a9b 15738->15736 15740 7ff63813445c memcpy_s 37 API calls 15738->15740 15739->15734 15739->15735 15741 7ff638124444 _get_daylight 11 API calls 15739->15741 15740->15736 15742 7ff638133880 15741->15742 15746 7ff638129db0 _invalid_parameter_noinfo 37 API calls 15742->15746 15743->15736 15743->15738 15750 7ff638124444 11 API calls _get_daylight 15743->15750 15753 7ff638129db0 37 API calls _invalid_parameter_noinfo 15743->15753 15744->15738 15751 7ff638124444 11 API calls _get_daylight 15744->15751 15754 7ff638129db0 37 API calls _invalid_parameter_noinfo 15744->15754 15748 7ff63813445c memcpy_s 37 API calls 15745->15748 15756 7ff638134262 15745->15756 15746->15735 15747 7ff6381343e8 15749 7ff63813712c 37 API calls 15747->15749 15748->15756 15749->15731 15750->15743 15751->15744 15752 7ff638132d30 37 API calls 15752->15756 15753->15743 15754->15744 15755 7ff63813445c memcpy_s 37 API calls 15755->15756 15756->15747 15756->15752 15756->15755 15758 7ff638132c33 15757->15758 15759 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15758->15759 15760 7ff638132c5e memcpy_s 15758->15760 15759->15760 15760->15684 15762 7ff63812d380 memcpy_s 
15761->15762 15763 7ff638123a20 45 API calls 15762->15763 15764 7ff63812d43a memcpy_s __scrt_get_show_window_mode 15762->15764 15763->15764 15764->15688 15766 7ff63812d0d3 15765->15766 15771 7ff63812d120 memcpy_s 15765->15771 15767 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15766->15767 15768 7ff63812d0ff 15767->15768 15768->15688 15769 7ff63812d18b 15770 7ff6381291ac __std_exception_copy 37 API calls 15769->15770 15775 7ff63812d1cd memcpy_s 15770->15775 15771->15769 15772 7ff638123a20 45 API calls 15771->15772 15772->15769 15773 7ff638129dd0 _wfindfirst32i64 17 API calls 15774 7ff63812d278 15773->15774 15775->15773 15778 7ff63812f0dc WideCharToMultiByte 15776->15778 15780 7ff63811ffa1 15779->15780 15781 7ff63811ffb3 15779->15781 15782 7ff638124444 _get_daylight 11 API calls 15780->15782 15784 7ff63811ffc0 15781->15784 15787 7ff63811fffd 15781->15787 15783 7ff63811ffa6 15782->15783 15785 7ff638129db0 _invalid_parameter_noinfo 37 API calls 15783->15785 15786 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15784->15786 15793 7ff63811ffb1 15785->15793 15786->15793 15788 7ff6381200a6 15787->15788 15789 7ff638124444 _get_daylight 11 API calls 15787->15789 15790 7ff638124444 _get_daylight 11 API calls 15788->15790 15788->15793 15791 7ff63812009b 15789->15791 15792 7ff638120150 15790->15792 15794 7ff638129db0 _invalid_parameter_noinfo 37 API calls 15791->15794 15795 7ff638129db0 _invalid_parameter_noinfo 37 API calls 15792->15795 15793->15512 15794->15788 15795->15793 15797 7ff63812cb79 15796->15797 15798 7ff638123a5f 15796->15798 15797->15798 15804 7ff638132424 15797->15804 15800 7ff63812cbcc 15798->15800 15801 7ff63812cbe5 15800->15801 15803 7ff638123a6f 15800->15803 15801->15803 15817 7ff638131790 15801->15817 15803->15512 15805 7ff63812a620 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 15804->15805 15806 7ff638132433 15805->15806 15807 7ff63813247e 15806->15807 15816 7ff63812f788 EnterCriticalSection 15806->15816 15807->15798 15818 7ff63812a620 
__FrameHandler3::FrameUnwindToEmptyState 45 API calls 15817->15818 15819 7ff638131799 15818->15819 15827 7ff6381242ec EnterCriticalSection 15820->15827 15829 7ff6381124ec 15828->15829 15830 7ff638123be4 49 API calls 15829->15830 15831 7ff63811253f 15830->15831 15832 7ff638124444 _get_daylight 11 API calls 15831->15832 15833 7ff638112544 15832->15833 15847 7ff638124464 15833->15847 15836 7ff638111b30 49 API calls 15837 7ff638112573 __scrt_get_show_window_mode 15836->15837 15838 7ff638117a30 57 API calls 15837->15838 15839 7ff6381125a0 15838->15839 15840 7ff6381125df MessageBoxA 15839->15840 15841 7ff6381125a5 15839->15841 15843 7ff6381125f9 15840->15843 15842 7ff638117a30 57 API calls 15841->15842 15844 7ff6381125bf MessageBoxW 15842->15844 15845 7ff63811ad80 _wfindfirst32i64 8 API calls 15843->15845 15844->15843 15846 7ff638112609 15845->15846 15846->15140 15848 7ff63812a798 _get_daylight 11 API calls 15847->15848 15849 7ff63812447b 15848->15849 15850 7ff63811254b 15849->15850 15851 7ff63812dd40 _get_daylight 11 API calls 15849->15851 15853 7ff6381244bb 15849->15853 15850->15836 15852 7ff6381244b0 15851->15852 15854 7ff638129e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15852->15854 15853->15850 15859 7ff63812e418 15853->15859 15854->15853 15857 7ff638129dd0 _wfindfirst32i64 17 API calls 15858 7ff638124500 15857->15858 15864 7ff63812e435 15859->15864 15860 7ff63812e43a 15861 7ff6381244e1 15860->15861 15862 7ff638124444 _get_daylight 11 API calls 15860->15862 15861->15850 15861->15857 15863 7ff63812e444 15862->15863 15865 7ff638129db0 _invalid_parameter_noinfo 37 API calls 15863->15865 15864->15860 15864->15861 15866 7ff63812e484 15864->15866 15865->15861 15866->15861 15867 7ff638124444 _get_daylight 11 API calls 15866->15867 15867->15863 15869 7ff638117bd2 WideCharToMultiByte 15868->15869 15870 7ff638117b64 WideCharToMultiByte 15868->15870 15872 7ff638117bff 15869->15872 15875 7ff638113c05 15869->15875 15871 7ff638117b8e 15870->15871 15876 
7ff638117ba5 15870->15876 15873 7ff638112620 57 API calls 15871->15873 15874 7ff638112620 57 API calls 15872->15874 15873->15875 15874->15875 15875->15149 15875->15152 15876->15869 15877 7ff638117bbb 15876->15877 15878 7ff638112620 57 API calls 15877->15878 15878->15875 15880 7ff638116a0e 15879->15880 15881 7ff638129123 15879->15881 15880->15170 15881->15880 15882 7ff6381291ac __std_exception_copy 37 API calls 15881->15882 15883 7ff638129150 15882->15883 15883->15880 15884 7ff638129dd0 _wfindfirst32i64 17 API calls 15883->15884 15885 7ff638129180 15884->15885 15887 7ff6381117e4 15886->15887 15888 7ff6381117d4 15886->15888 15890 7ff638117200 83 API calls 15887->15890 15916 7ff638111842 15887->15916 15889 7ff638113cb0 116 API calls 15888->15889 15889->15887 15891 7ff638111815 15890->15891 15891->15916 15920 7ff63811f934 15891->15920 15893 7ff63811182b 15895 7ff63811184c 15893->15895 15896 7ff63811182f 15893->15896 15894 7ff63811ad80 _wfindfirst32i64 8 API calls 15897 7ff6381119c0 15894->15897 15924 7ff63811f5fc 15895->15924 15898 7ff6381124d0 59 API calls 15896->15898 15897->15185 15897->15186 15898->15916 15901 7ff638111867 15903 7ff6381124d0 59 API calls 15901->15903 15902 7ff63811f934 73 API calls 15904 7ff6381118d1 15902->15904 15903->15916 15905 7ff6381118fe 15904->15905 15906 7ff6381118e3 15904->15906 15908 7ff63811f5fc _fread_nolock 53 API calls 15905->15908 15907 7ff6381124d0 59 API calls 15906->15907 15907->15916 15909 7ff638111913 15908->15909 15909->15901 15910 7ff638111925 15909->15910 15927 7ff63811f370 15910->15927 15913 7ff63811193d 15915 7ff638112770 59 API calls 15913->15915 15914 7ff638111950 15918 7ff638111993 15914->15918 15919 7ff638112770 59 API calls 15914->15919 15915->15916 15916->15894 15917 7ff63811f2ac 74 API calls 15917->15916 15918->15916 15918->15917 15919->15918 15921 7ff63811f964 15920->15921 15933 7ff63811f6c4 15921->15933 15923 7ff63811f97d 15923->15893 15945 7ff63811f61c 15924->15945 15928 7ff63811f379 15927->15928 15929 
7ff638111939 15927->15929 15930 7ff638124444 _get_daylight 11 API calls 15928->15930 15929->15913 15929->15914 15931 7ff63811f37e 15930->15931 15932 7ff638129db0 _invalid_parameter_noinfo 37 API calls 15931->15932 15932->15929 15934 7ff63811f72e 15933->15934 15935 7ff63811f6ee 15933->15935 15934->15935 15937 7ff63811f73a 15934->15937 15936 7ff638129ce4 _invalid_parameter_noinfo 37 API calls 15935->15936 15938 7ff63811f715 15936->15938 15944 7ff6381242ec EnterCriticalSection 15937->15944 15938->15923 15946 7ff63811f646 15945->15946 15947 7ff638111861 15945->15947 15946->15947 15948 7ff63811f692 15946->15948 15949 7ff63811f655 __scrt_get_show_window_mode 15946->15949 15947->15901 15947->15902 15958 7ff6381242ec EnterCriticalSection 15948->15958 15952 7ff638124444 _get_daylight 11 API calls 15949->15952 15954 7ff63811f66a 15952->15954 15956 7ff638129db0 _invalid_parameter_noinfo 37 API calls 15954->15956 15956->15947 16052 7ff638116720 15959->16052 15961 7ff638111454 15962 7ff638111459 15961->15962 16061 7ff638116a40 15961->16061 15962->15213 15965 7ff6381114a7 15968 7ff6381114e0 15965->15968 15970 7ff638113cb0 116 API calls 15965->15970 15966 7ff638111487 15967 7ff6381124d0 59 API calls 15966->15967 15972 7ff63811149d 15967->15972 15969 7ff63811f934 73 API calls 15968->15969 15971 7ff6381114f2 15969->15971 15973 7ff6381114bf 15970->15973 15974 7ff638111516 15971->15974 15975 7ff6381114f6 15971->15975 15972->15213 15973->15968 15976 7ff6381114c7 15973->15976 15978 7ff63811151c 15974->15978 15979 7ff638111534 15974->15979 15977 7ff6381124d0 59 API calls 15975->15977 15980 7ff638112770 59 API calls 15976->15980 15987 7ff6381114d6 __std_exception_copy 15977->15987 16086 7ff638111050 15978->16086 15983 7ff638111556 15979->15983 15991 7ff638111575 15979->15991 15980->15987 15982 7ff638111624 15985 7ff63811f2ac 74 API calls 15982->15985 15986 7ff6381124d0 59 API calls 15983->15986 15984 7ff63811f2ac 74 API calls 15984->15982 15985->15972 15986->15987 15987->15982 
15987->15984 15988 7ff63811f5fc _fread_nolock 53 API calls 15988->15991 15989 7ff6381115d5 15992 7ff6381124d0 59 API calls 15989->15992 15991->15987 15991->15988 15991->15989 16104 7ff63811fd3c 15991->16104 15992->15987 15994 7ff6381129a6 15993->15994 15995 7ff638111b30 49 API calls 15994->15995 15996 7ff6381129db 15995->15996 15997 7ff638113b20 49 API calls 15996->15997 16026 7ff638112de1 15996->16026 15998 7ff638112a4f 15997->15998 16683 7ff638112e00 15998->16683 16001 7ff638112aca 16004 7ff638112e00 75 API calls 16001->16004 16002 7ff638112a91 16003 7ff638116720 98 API calls 16002->16003 16005 7ff638112a99 16003->16005 16006 7ff638112b1c 16004->16006 16007 7ff638112aba 16005->16007 16691 7ff638116600 16005->16691 16008 7ff638112b86 16006->16008 16009 7ff638112b20 16006->16009 16011 7ff638112770 59 API calls 16007->16011 16015 7ff638112ac3 16007->16015 16013 7ff638112e00 75 API calls 16008->16013 16010 7ff638116720 98 API calls 16009->16010 16014 7ff638112b28 16010->16014 16011->16015 16016 7ff638112bb2 16013->16016 16014->16007 16018 7ff638116600 138 API calls 16014->16018 16020 7ff63811ad80 _wfindfirst32i64 8 API calls 16015->16020 16017 7ff638112c12 16016->16017 16021 7ff638112e00 75 API calls 16016->16021 16019 7ff638116720 98 API calls 16017->16019 16017->16026 16023 7ff638112b45 16018->16023 16028 7ff638112c22 16019->16028 16024 7ff638112b7b 16020->16024 16022 7ff638112be2 16021->16022 16022->16017 16027 7ff638112e00 75 API calls 16022->16027 16023->16007 16025 7ff638112dc6 16023->16025 16024->15213 16031 7ff638112770 59 API calls 16025->16031 16027->16017 16028->16026 16029 7ff638111af0 59 API calls 16028->16029 16041 7ff638112d3f 16028->16041 16030 7ff638112c7f 16029->16030 16030->16026 16033 7ff638111b30 49 API calls 16030->16033 16032 7ff638112d3a 16031->16032 16034 7ff638111ab0 74 API calls 16032->16034 16035 7ff638112ca7 16033->16035 16034->16026 16035->16025 16037 7ff638111b30 49 API calls 16035->16037 16036 7ff638112dab 16036->16025 16039 
7ff638111440 161 API calls 16036->16039 16038 7ff638112cd4 16037->16038 16038->16025 16040 7ff638111b30 49 API calls 16038->16040 16039->16036 16041->16036 16043 7ff638111780 59 API calls 16041->16043 16043->16041 16049 7ff6381117a1 16048->16049 16050 7ff638111795 16048->16050 16049->15213 16051 7ff638112770 59 API calls 16050->16051 16051->16049 16053 7ff638116732 16052->16053 16058 7ff638116768 16052->16058 16108 7ff6381116d0 16053->16108 16058->15961 16059 7ff638112770 59 API calls 16060 7ff63811675d 16059->16060 16060->15961 16062 7ff638116a50 16061->16062 16063 7ff638111b30 49 API calls 16062->16063 16064 7ff638116a81 16063->16064 16065 7ff638111b30 49 API calls 16064->16065 16077 7ff638116c4b 16064->16077 16068 7ff638116aa8 16065->16068 16066 7ff63811ad80 _wfindfirst32i64 8 API calls 16067 7ff63811147f 16066->16067 16067->15965 16067->15966 16068->16077 16633 7ff6381250e8 16068->16633 16070 7ff638116add 16071 7ff638116bb9 16070->16071 16070->16077 16082 7ff6381250e8 49 API calls 16070->16082 16084 7ff638117a30 57 API calls 16070->16084 16085 7ff6381178a0 58 API calls 16070->16085 16072 7ff638117a30 57 API calls 16071->16072 16074 7ff638116bd1 16072->16074 16073 7ff638116c7a 16075 7ff638113cb0 116 API calls 16073->16075 16074->16073 16076 7ff638116990 61 API calls 16074->16076 16083 7ff638116c02 __std_exception_copy 16074->16083 16075->16077 16076->16083 16077->16066 16078 7ff638116c6e 16081 7ff638112880 59 API calls 16078->16081 16079 7ff638116c3f 16642 7ff638112880 16079->16642 16081->16073 16082->16070 16083->16078 16083->16079 16084->16070 16085->16070 16087 7ff6381110a6 16086->16087 16088 7ff6381110ad 16087->16088 16089 7ff6381110d3 16087->16089 16090 7ff638112770 59 API calls 16088->16090 16092 7ff638111109 16089->16092 16093 7ff6381110ed 16089->16093 16091 7ff6381110c0 16090->16091 16091->15987 16095 7ff63811111b 16092->16095 16103 7ff638111137 memcpy_s 16092->16103 16094 7ff6381124d0 59 API calls 16093->16094 16099 7ff638111104 __std_exception_copy 
16094->16099 16096 7ff6381124d0 59 API calls 16095->16096 16096->16099 16097 7ff63811f5fc _fread_nolock 53 API calls 16097->16103 16098 7ff63811f370 37 API calls 16098->16103 16099->15987 16100 7ff6381111fe 16101 7ff638112770 59 API calls 16100->16101 16101->16099 16102 7ff63811fd3c 76 API calls 16102->16103 16103->16097 16103->16098 16103->16099 16103->16100 16103->16102 16105 7ff63811fd6c 16104->16105 16668 7ff63811fa8c 16105->16668 16107 7ff63811fd8a 16107->15991 16110 7ff6381116f5 16108->16110 16109 7ff638111738 16112 7ff638116780 16109->16112 16110->16109 16111 7ff638112770 59 API calls 16110->16111 16111->16109 16113 7ff638116798 16112->16113 16114 7ff6381167b8 16113->16114 16115 7ff63811680b 16113->16115 16117 7ff638116990 61 API calls 16114->16117 16116 7ff638116810 GetTempPathW 16115->16116 16118 7ff638116825 16116->16118 16119 7ff6381167c4 16117->16119 16152 7ff638112470 16118->16152 16176 7ff638116480 16119->16176 16124 7ff63811ad80 _wfindfirst32i64 8 API calls 16127 7ff63811674d 16124->16127 16126 7ff6381167ea __std_exception_copy 16126->16116 16129 7ff6381167f8 16126->16129 16127->16058 16127->16059 16132 7ff638112770 59 API calls 16129->16132 16130 7ff6381168e6 16134 7ff638117b40 59 API calls 16130->16134 16131 7ff63811683e __std_exception_copy 16131->16130 16135 7ff638116871 16131->16135 16156 7ff63812736c 16131->16156 16159 7ff6381178a0 16131->16159 16133 7ff638116804 16132->16133 16151 7ff6381168aa __std_exception_copy 16133->16151 16137 7ff6381168f7 __std_exception_copy 16134->16137 16136 7ff638117a30 57 API calls 16135->16136 16135->16151 16138 7ff638116887 16136->16138 16139 7ff638117a30 57 API calls 16137->16139 16137->16151 16140 7ff6381168c9 SetEnvironmentVariableW 16138->16140 16141 7ff63811688c 16138->16141 16142 7ff638116915 16139->16142 16140->16151 16143 7ff638117a30 57 API calls 16141->16143 16144 7ff63811691a 16142->16144 16145 7ff63811694d SetEnvironmentVariableW 16142->16145 16146 7ff63811689c 16143->16146 16147 7ff638117a30 57 API 
calls 16144->16147 16145->16151 16148 7ff6381266b4 38 API calls 16146->16148 16149 7ff63811692a 16147->16149 16148->16151 16150 7ff6381266b4 38 API calls 16149->16150 16150->16151 16151->16124 16153 7ff638112495 16152->16153 16210 7ff638123e38 16153->16210 16382 7ff638126f98 16156->16382 16160 7ff63811adb0 16159->16160 16161 7ff6381178b0 GetCurrentProcess OpenProcessToken 16160->16161 16162 7ff6381178fb GetTokenInformation 16161->16162 16163 7ff638117971 __std_exception_copy 16161->16163 16164 7ff638117928 16162->16164 16165 7ff63811791d GetLastError 16162->16165 16166 7ff63811798a 16163->16166 16167 7ff638117984 CloseHandle 16163->16167 16164->16163 16168 7ff63811793e GetTokenInformation 16164->16168 16165->16163 16165->16164 16513 7ff6381175a0 16166->16513 16167->16166 16168->16163 16170 7ff638117964 ConvertSidToStringSidW 16168->16170 16170->16163 16177 7ff63811648c 16176->16177 16178 7ff638117a30 57 API calls 16177->16178 16179 7ff6381164ae 16178->16179 16180 7ff6381164b6 16179->16180 16181 7ff6381164c9 ExpandEnvironmentStringsW 16179->16181 16183 7ff638112770 59 API calls 16180->16183 16182 7ff6381164ef __std_exception_copy 16181->16182 16184 7ff638116506 16182->16184 16185 7ff6381164f3 16182->16185 16189 7ff6381164c2 16183->16189 16190 7ff638116520 16184->16190 16191 7ff638116514 16184->16191 16187 7ff638112770 59 API calls 16185->16187 16186 7ff63811ad80 _wfindfirst32i64 8 API calls 16188 7ff6381165e8 16186->16188 16187->16189 16188->16151 16200 7ff6381266b4 16188->16200 16189->16186 16524 7ff638125348 16190->16524 16517 7ff638125f44 16191->16517 16194 7ff63811651e 16195 7ff63811653a 16194->16195 16198 7ff63811654d __scrt_get_show_window_mode 16194->16198 16196 7ff638112770 59 API calls 16195->16196 16196->16189 16197 7ff6381165c2 CreateDirectoryW 16197->16189 16198->16197 16199 7ff63811659c CreateDirectoryW 16198->16199 16199->16198 16201 7ff6381266c1 16200->16201 16202 7ff6381266d4 16200->16202 16204 7ff638124444 _get_daylight 11 API calls 16201->16204 
7ff638126801 17822->17824 17823->17822 17824->17773

                                                  Control-flow Graph

                                                  APIs
                                                  • _get_daylight.LIBCMT ref: 00007FF638134E65
                                                    • Part of subcall function 00007FF6381347B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6381347CC
                                                    • Part of subcall function 00007FF638129E18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E2E
                                                    • Part of subcall function 00007FF638129E18: GetLastError.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E38
                                                    • Part of subcall function 00007FF638129DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF638129DAF,?,?,?,?,?,00007FF6381221EC), ref: 00007FF638129DD9
                                                    • Part of subcall function 00007FF638129DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF638129DAF,?,?,?,?,?,00007FF6381221EC), ref: 00007FF638129DFE
                                                  • _get_daylight.LIBCMT ref: 00007FF638134E54
                                                    • Part of subcall function 00007FF638134818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF63813482C
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350CA
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350DB
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350EC
                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF63813532C), ref: 00007FF638135113
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLanguagesLastPreferredPresentProcessProcessorRestoreThreadTimeZone
                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                  • API String ID: 1458651798-239921721
                                                  • Opcode ID: 77ba2d10f7a40a17f98ee8fd01e8c058cff67636c36494bf754a44884999314e
                                                  • Instruction ID: 5726fed40908caf983000ade77bf3c75cd33b17212a11180574e53c25d2e04a3
                                                  • Opcode Fuzzy Hash: 77ba2d10f7a40a17f98ee8fd01e8c058cff67636c36494bf754a44884999314e
                                                  • Instruction Fuzzy Hash: 2FD1CE27A0824386EB20AF35D8415F967A1FF94B94F444035EA0DC7789DF7EE981E748

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                  • String ID:
                                                  • API String ID: 1617910340-0
                                                  • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                  • Instruction ID: 1b6c35f1d951f25347a471b9c5886f4e51a30ac52c08017ca329969b6bed6817
                                                  • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                  • Instruction Fuzzy Hash: E8C1BE33B28A4286EB11CF78C8906EC3761FB49B98F110239DA1E97799CF7AD451E304

                                                  Control-flow Graph

                                                  APIs
                                                  • GetTempPathW.KERNEL32(?,00000000,?,00007FF63811674D), ref: 00007FF63811681A
                                                    • Part of subcall function 00007FF638116990: GetEnvironmentVariableW.KERNEL32(00007FF6381136E7), ref: 00007FF6381169CA
                                                    • Part of subcall function 00007FF638116990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6381169E7
                                                    • Part of subcall function 00007FF6381266B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6381266CD
                                                  • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF6381168D1
                                                    • Part of subcall function 00007FF638112770: MessageBoxW.USER32 ref: 00007FF638112841
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                  • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                  • API String ID: 3752271684-1116378104
                                                  • Opcode ID: 3863800b2665c7901903b481e41fcfda7d0e5020c540a2559d82cfcc8f27efd6
                                                  • Instruction ID: 94931bd5d6f58534e6b2054c84f25c8daea76035c87c44c598b82bf12211e248
                                                  • Opcode Fuzzy Hash: 3863800b2665c7901903b481e41fcfda7d0e5020c540a2559d82cfcc8f27efd6
                                                  • Instruction Fuzzy Hash: 5D51AE23F2D64385FA54AB72A9552FA53415F6ABD0F444431ED0ECBB86EE2FE501E308

                                                  Control-flow Graph

                                                  APIs
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350CA
                                                    • Part of subcall function 00007FF638134818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF63813482C
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350DB
                                                    • Part of subcall function 00007FF6381347B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6381347CC
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350EC
                                                    • Part of subcall function 00007FF6381347E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6381347FC
                                                    • Part of subcall function 00007FF638129E18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E2E
                                                    • Part of subcall function 00007FF638129E18: GetLastError.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E38
                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF63813532C), ref: 00007FF638135113
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLanguagesLastPreferredRestoreThreadTimeZone
                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                  • API String ID: 2248164782-239921721
                                                  • Opcode ID: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                  • Instruction ID: b3236a8346e95905bb0de8bcb1dac17936830276dfd08a3cd69b9f2f5ad55781
                                                  • Opcode Fuzzy Hash: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                  • Instruction Fuzzy Hash: B1519E37A1864386E720EF31E8815E96760FB98B84F404136EA4DC3796DF7EE941E748
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID:
                                                  • API String ID: 2295610775-0
                                                  • Opcode ID: b154a429360a9d8fc422caeeb97d2d39407f5ca637504bf6a4efef03296319f0
                                                  • Instruction ID: d046aab723611fc25b7f6ab5862336a5b6a46d3b0c69500516d822613010ed8b
                                                  • Opcode Fuzzy Hash: b154a429360a9d8fc422caeeb97d2d39407f5ca637504bf6a4efef03296319f0
                                                  • Instruction Fuzzy Hash: 45F08123A18A8286E7608F70A4447AA7390BB94764F000735D66D427D8DF7DD019DB04

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                  • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                  • API String ID: 2153230061-4158440160
                                                  • Opcode ID: 3adde6671e39194cfaa8a9bdd68ec212f54036f73c891b8fd327acb89c24b009
                                                  • Instruction ID: d63ce2dc3a4a0aaf1ad77b7751da7da216d6f327851263ce8032515c5d7f6c69
                                                  • Opcode Fuzzy Hash: 3adde6671e39194cfaa8a9bdd68ec212f54036f73c891b8fd327acb89c24b009
                                                  • Instruction Fuzzy Hash: 1D516BB3A09A0786EB54CF38D4502B873A0FB68B88B519135DA1DC3799DF7EE940D748

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                  • API String ID: 0-666925554
                                                  • Opcode ID: 77cbb17ac5536da52dec83c240cc1f98439834d8a0c17e327cab9263b7da9877
                                                  • Instruction ID: 505504404c4281b45ba6f2452f4eeb3ba237994007048afbd0d95afdd960bc70
                                                  • Opcode Fuzzy Hash: 77cbb17ac5536da52dec83c240cc1f98439834d8a0c17e327cab9263b7da9877
                                                  • Instruction Fuzzy Hash: FC51BC63B08A4381EA50DB31A8446F9A3A0AF61BD8F445431DE0DC7B96EF7FE545E308

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                  • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                  • API String ID: 4998090-2855260032
                                                  • Opcode ID: 2e28230f75d657313d5b30c4cdf08458408b558478e57b477a7299d9920cfa6e
                                                  • Instruction ID: bd864025de591b909dd843df625ab595e20db414960645fc3020f10fe71d27dd
                                                  • Opcode Fuzzy Hash: 2e28230f75d657313d5b30c4cdf08458408b558478e57b477a7299d9920cfa6e
                                                  • Instruction Fuzzy Hash: 89418B3361CA8782EA109F30E8446EA7361FB847A4F540231EA9E877D8DF7DD448DB04

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                  • String ID: CreateProcessW$Error creating child process!
                                                  • API String ID: 2895956056-3524285272
                                                  • Opcode ID: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                  • Instruction ID: fe9b0d324c28e45d239d59294d1b6a1943dea1087eab0d995211471225e04c22
                                                  • Opcode Fuzzy Hash: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                  • Instruction Fuzzy Hash: E1412933A08B8282EA20DB74F8452EAA3A0FB95364F500735E6AD87BD5DF7DD444DB44

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                    • Part of subcall function 00007FF638113BA0: GetModuleFileNameW.KERNEL32(?,00007FF638113699), ref: 00007FF638113BD1
                                                  • SetDllDirectoryW.KERNEL32 ref: 00007FF6381138A5
                                                    • Part of subcall function 00007FF638116990: GetEnvironmentVariableW.KERNEL32(00007FF6381136E7), ref: 00007FF6381169CA
                                                    • Part of subcall function 00007FF638116990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6381169E7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                  • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                  • API String ID: 2344891160-3602715111
                                                  • Opcode ID: 426576a0d0326df7c30950c6b1a5e1b6b49a81e1bfd48d9296af6f421a1cdc99
                                                  • Instruction ID: df1d32d35723ec5705babb8199433c997febc20f5b4a6ff35690f32a774f3722
                                                  • Opcode Fuzzy Hash: 426576a0d0326df7c30950c6b1a5e1b6b49a81e1bfd48d9296af6f421a1cdc99
                                                  • Instruction Fuzzy Hash: 8CB1B363A1CA8341FE64AB3198512FD6391BFA4784F404135EA4DC779EEF2EE605E708

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                  • API String ID: 2030045667-1655038675
                                                  • Opcode ID: fb25f745df464e20138d1470271bd21ea6706bdcc7bc579a4e09f6b848cc895b
                                                  • Instruction ID: 23d57d1fcf1949ed2fdd74423ec823205b9ee62d73bd9b07e57cb5e8ae77be9e
                                                  • Opcode Fuzzy Hash: fb25f745df464e20138d1470271bd21ea6706bdcc7bc579a4e09f6b848cc895b
                                                  • Instruction Fuzzy Hash: 8251E263A0CA8381EAA09B71E4403FAA391FBA4794F545131DE4DC7785EF3EE545E708

                                                  Control-flow Graph

                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF63812E152,?,?,-00000018,00007FF63812A223,?,?,?,00007FF63812A11A,?,?,?,00007FF638125472), ref: 00007FF63812DF34
                                                  • GetProcAddress.KERNEL32(?,00000000,?,00007FF63812E152,?,?,-00000018,00007FF63812A223,?,?,?,00007FF63812A11A,?,?,?,00007FF638125472), ref: 00007FF63812DF40
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeLibraryProc
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 3013587201-537541572
                                                  • Opcode ID: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                  • Instruction ID: 4b3445ea8daf155c57069d4b500b1ab831f471465923a5836dd2bc6f1921be75
                                                  • Opcode Fuzzy Hash: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                  • Instruction Fuzzy Hash: AA41B063B19A1781FA56CB36D8009E92391BF56BA0F594135DD0DC7788EE3EE845E308

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 184652ea66a00c646f0d6e367f8fa0d47b8fb75159f9cd0cc9461bb9675fa9ff
                                                  • Instruction ID: 2effaf90b089757a8b2aa84d39d9c8a76db8e72fe235dcafd16bde3eff83adee
                                                  • Opcode Fuzzy Hash: 184652ea66a00c646f0d6e367f8fa0d47b8fb75159f9cd0cc9461bb9675fa9ff
                                                  • Instruction Fuzzy Hash: E0C1B223A0C787C1EB619B35A4402FE7BA5EB82B80F554131DA5D83791DF7EE859E308

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF63812C41B), ref: 00007FF63812C54C
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF63812C41B), ref: 00007FF63812C5D7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ConsoleErrorLastMode
                                                  • String ID:
                                                  • API String ID: 953036326-0
                                                  • Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                  • Instruction ID: 78fad1e42ae5141c21a6a721f686d02fc5b57bdbe00bf142aad435d817f1383d
                                                  • Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                  • Instruction Fuzzy Hash: 66919E23B1865385F7608F7994402FD2BA0AB56B88F545139DF0E96B84DF3FD442E708

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_isindst
                                                  • String ID:
                                                  • API String ID: 4170891091-0
                                                  • Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                  • Instruction ID: 206376dc4e7f5f49a81ce0f4e93f627497d6dbac7e4da912beff0435817e9ebd
                                                  • Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                  • Instruction Fuzzy Hash: 2051EF73F046138AEF28CB7499416FC27A1BB19358F545235EE1E92BE6DE3EA402D704

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                  • String ID:
                                                  • API String ID: 2780335769-0
                                                  • Opcode ID: 6d39917c2a5e172715dc0149da862f2fc663c363b49fcf3998972eea944cc0d9
                                                  • Instruction ID: fa1826dc703ce07b8ec84c0884592fee388fe91c862dad64734c71cd73ddff22
                                                  • Opcode Fuzzy Hash: 6d39917c2a5e172715dc0149da862f2fc663c363b49fcf3998972eea944cc0d9
                                                  • Instruction Fuzzy Hash: 3D515863E186428AFB14DFB094503BD23A1BB49B98F218134DE4D97789DF3DD691E348
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                  • String ID:
                                                  • API String ID: 1452418845-0
                                                  • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                  • Instruction ID: d44855fc49f3bafd215e3050a9f1f8bd74817fce9426ca90355ff5240faeee8d
                                                  • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                  • Instruction Fuzzy Hash: FB313953E0860345FA94AB75A4513FE2391AFB5384F844034E90EC77D7DE6EB809E24D
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 1279662727-0
                                                  • Opcode ID: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                  • Instruction ID: ba8c2056a5b231542cb155c448b6d8acaa004bd8aa2f41e6da7b6bfbc3216d62
                                                  • Opcode Fuzzy Hash: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                  • Instruction Fuzzy Hash: BE419523D1878383E7549B3195103B96360FB96764F109334EAAC83BD6DF6DA6E0E704
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: d426427e4f48dbbb9dc5f253e5f2c69f0b75b8518679dacd75070a6bbb583433
                                                  • Instruction ID: 04c0594579097860d5a87396adaef25d7fdfc2961d100d7f2fb1dacea84c3172
                                                  • Opcode Fuzzy Hash: d426427e4f48dbbb9dc5f253e5f2c69f0b75b8518679dacd75070a6bbb583433
                                                  • Instruction Fuzzy Hash: B7D09212F18B0382FA187B705C951F912226F89B41F201838D90FC6397DDBEA849E208
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                  • Instruction ID: bf5ecfd08f7aa43e0eba1c2d7b6068a7d7cbaffd5e910064b00f3d5762edc55d
                                                  • Opcode Fuzzy Hash: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                  • Instruction Fuzzy Hash: 5751D463B0969387EA689E3594006FA6381BF94BA4F144730DE6D837CBCF3ED441E609
                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF638129EA5,?,?,00000000,00007FF638129F5A), ref: 00007FF63812A096
                                                  • GetLastError.KERNEL32(?,?,?,00007FF638129EA5,?,?,00000000,00007FF638129F5A), ref: 00007FF63812A0A0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ChangeCloseErrorFindLastNotification
                                                  • String ID:
                                                  • API String ID: 1687624791-0
                                                  • Opcode ID: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                  • Instruction ID: 0342e080e2a34f6023cab3116283e05439edaa5ed9bd3e78e8a90e84ca073f0d
                                                  • Opcode Fuzzy Hash: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                  • Instruction Fuzzy Hash: EA21C313B1868342FE549735D4542FD1691AF86BA0F244235DA2EC77C2CE6EE445E30C
                                                  APIs
                                                  • SetFilePointerEx.KERNELBASE(?,?,?,?,00000000,00007FF63812B79D), ref: 00007FF63812B650
                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF63812B79D), ref: 00007FF63812B65A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastPointer
                                                  • String ID:
                                                  • API String ID: 2976181284-0
                                                  • Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                  • Instruction ID: 19a905708aa05b98a36c292df173eac4b4764f9d7dcae98df1264e5a8c2e5dc6
                                                  • Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                  • Instruction Fuzzy Hash: D2118F62A18B8281DA108B35F8041AA6762AB46BF4F644331EA7D877E9CF7DD451D708
                                                  APIs
                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF638124891), ref: 00007FF6381249AF
                                                  • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF638124891), ref: 00007FF6381249C5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Time$System$FileLocalSpecific
                                                  • String ID:
                                                  • API String ID: 1707611234-0
                                                  • Opcode ID: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                  • Instruction ID: a0d94fc9680d883d3cfe86864a0c674fde3225a2364b8b6cc5e5506483947107
                                                  • Opcode Fuzzy Hash: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                  • Instruction Fuzzy Hash: F211A37360C65381EF648B21A4111BEB760FB86771F601235FA9EC1AD8EF6ED144EB08
                                                  APIs
                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF638126801), ref: 00007FF6381269A7
                                                  • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF638126801), ref: 00007FF6381269BD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Time$System$FileLocalSpecific
                                                  • String ID:
                                                  • API String ID: 1707611234-0
                                                  • Opcode ID: 1d02911a82879df930b91fc915557220ec32c277741baff5be31943c493d896d
                                                  • Instruction ID: 097f9848b6fe97b721274ba133d09719c80923943996ced91734da6b5004c784
                                                  • Opcode Fuzzy Hash: 1d02911a82879df930b91fc915557220ec32c277741baff5be31943c493d896d
                                                  • Instruction Fuzzy Hash: BE01A17351C65286EB605F24E4012BEB7B0FB82721F600336E6AD816D4DF7ED414EB04
                                                  APIs
                                                  • RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E2E
                                                  • GetLastError.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E38
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                  • String ID:
                                                  • API String ID: 588628887-0
                                                  • Opcode ID: 875bb2537aa3df01b4a1e34b7b101e94a2dc47b4cb64fa0c1180c15e07a79d81
                                                  • Instruction ID: 7bd6f651a75b0b0b0b9550d8a7019664a83d8b72239797e07a39f513a750752a
                                                  • Opcode Fuzzy Hash: 875bb2537aa3df01b4a1e34b7b101e94a2dc47b4cb64fa0c1180c15e07a79d81
                                                  • Instruction Fuzzy Hash: 3DE08C62F0860382FF18ABB2A8454F912609F85B40B445034C90DC2352EF2EA995F348
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: DirectoryErrorLastRemove
                                                  • String ID:
                                                  • API String ID: 377330604-0
                                                  • Opcode ID: 45670ffc5494559b4402bb32e1ee61b2bed3bec50e0362f78a5b89dc8e7724e5
                                                  • Instruction ID: eb5e77d02cb11f155e9eddb1e00dcc64860e9149959d9a049cad5f1b25fa5537
                                                  • Opcode Fuzzy Hash: 45670ffc5494559b4402bb32e1ee61b2bed3bec50e0362f78a5b89dc8e7724e5
                                                  • Instruction Fuzzy Hash: C9D01256F3C90381F61427715C451F821903F45720F600630C02EC13D1EE6FA555F259
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: DeleteErrorFileLast
                                                  • String ID:
                                                  • API String ID: 2018770650-0
                                                  • Opcode ID: 677f2ceb8ee0d5d75214142403d5559098fe9c7e5a50d88e5e1a5187c850d191
                                                  • Instruction ID: c3c87c94374d99a9f4245ee0c28c9e1517abaf2e598a162433634b5682bcc7b7
                                                  • Opcode Fuzzy Hash: 677f2ceb8ee0d5d75214142403d5559098fe9c7e5a50d88e5e1a5187c850d191
                                                  • Instruction Fuzzy Hash: 50D01216F3991385FB1427714C955F812902F45720F600734C41DC03D0EE5EB5D5F209
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide_findclose
                                                  • String ID:
                                                  • API String ID: 2772937645-0
                                                  • Opcode ID: 37a4e224697fbf4831613d35a88c56fbb79b718194e75a506f580689560dc945
                                                  • Instruction ID: 84b5b8f723754a18e8242eedb9ec2cfc4b0dd403de5c9699befaebddcae0fade
                                                  • Opcode Fuzzy Hash: 37a4e224697fbf4831613d35a88c56fbb79b718194e75a506f580689560dc945
                                                  • Instruction Fuzzy Hash: 4A71AD53E28AC681EA11CB3CC5052FD6360F7A9B4CF55E321DB9C52692EF29E2D9C704
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: ce9b52f680c1b5a7cbc95938458c13a1dbec8158119413affe32dcc0b3335035
                                                  • Instruction ID: 836cd19a3b2e71a9cf780ddd5f483621f25a7cb39c42ec2f60570e09d9f12e3e
                                                  • Opcode Fuzzy Hash: ce9b52f680c1b5a7cbc95938458c13a1dbec8158119413affe32dcc0b3335035
                                                  • Instruction Fuzzy Hash: 7B41CF3390864383EA24DB39A5812BA77A0EB97B50F140231D78EC77D1CF2EE442E759
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: _fread_nolock
                                                  • String ID:
                                                  • API String ID: 840049012-0
                                                  • Opcode ID: ef649bdc3b362dde69e9048677613dc35e5a2f5f899d36db1cfe2770a03142f7
                                                  • Instruction ID: 7e60623622b24b6992799a001fd4493c12a7f1cb8185a23fc32cb303420a8458
                                                  • Opcode Fuzzy Hash: ef649bdc3b362dde69e9048677613dc35e5a2f5f899d36db1cfe2770a03142f7
                                                  • Instruction Fuzzy Hash: 3C21EA23B1825346FA519B3265047FAA751BF55BD4F885830EE0D87786CF3EE142D708
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 47f2cb7360056a46563935c31beadd7a45ae652dec1b657f4a22353b163fa2db
                                                  • Instruction ID: f613733d4627d01ca5b4c4edbd12fb7c54568f5b42b2bccc34e08073f442aac3
                                                  • Opcode Fuzzy Hash: 47f2cb7360056a46563935c31beadd7a45ae652dec1b657f4a22353b163fa2db
                                                  • Instruction Fuzzy Hash: 5831A123A1865385E715AB35C8007FC2A90EF42B50F510235EA1D833D2DF7EE542E719
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                  • String ID:
                                                  • API String ID: 3947729631-0
                                                  • Opcode ID: e9a7e304643df4a79f5f92f113a909c0855d61e5f1cd2648997e34e72053eb35
                                                  • Instruction ID: e123d6de9083c3a97046f1a1dbf81e9034dfbe6525db454c870287c1d6243cbe
                                                  • Opcode Fuzzy Hash: e9a7e304643df4a79f5f92f113a909c0855d61e5f1cd2648997e34e72053eb35
                                                  • Instruction Fuzzy Hash: 91217832E04A468AEB249F74D4402FC33A0FB05718F14163AD62C86BD9DFBDD584DB88
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                  • Instruction ID: a4973bf6b06a02175314f4e9735d5170014d094b152628a84e64401e1faa6eb9
                                                  • Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                  • Instruction Fuzzy Hash: EB116623A1C6C381EAA09F6194402F9E2A0FF86B80F944431EA4CD779ADF7ED540E709
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                  • Instruction ID: 9f21d5eccfcc59b9372693b520ef343c1f66bb2dd07374cdc10ded4c6ad6b96b
                                                  • Opcode Fuzzy Hash: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                  • Instruction Fuzzy Hash: 21215033A1868286DB628F29E8403F976A0EB94F94F544234EA5DC77D9DF7ED800DB04
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                  • Instruction ID: d726c1cd29b6eb97955c4fb766fc33786e7c60c24f0aa200903ae0977f2840fe
                                                  • Opcode Fuzzy Hash: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                  • Instruction Fuzzy Hash: 1A01A522A08B8342E9049B72A9010E9A795FB96FE0F485631DE5C97BD7DF3ED501E308
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF63812A8B6,?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E), ref: 00007FF63812DD95
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                  • Instruction ID: 5b2f88313f819526dcef53462380e757c14c05b6c0e339e264e96803c6370639
                                                  • Opcode Fuzzy Hash: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                  • Instruction Fuzzy Hash: 6AF06D56B19A4F40FE996772D9013F502805F8AB80F5C9630CD0EC63C2DE5EE580E319
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(?,?,?,00007FF63811FE44,?,?,?,00007FF638121356,?,?,?,?,?,00007FF638122949), ref: 00007FF63812CB0A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                  • Instruction ID: f4142ec70bffb3a6e54350b30470b14be541ed3057421138c87a43530b65eac4
                                                  • Opcode Fuzzy Hash: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                  • Instruction Fuzzy Hash: 9BF05802F0D34341FE2467B258002F512805F8A7E0F080630DE2ED67C2EEAFA980F218
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: DirectoryErrorLastRemove
                                                  • String ID:
                                                  • API String ID: 377330604-0
                                                  • Opcode ID: 7bec2109183b07f1093a4788361d4b10d7cee014a84238bf74f355e0c818f314
                                                  • Instruction ID: 8d169190706dd6834ca179e038be0ac2c545ec0581f57062036e4a4bfc7eeeee
                                                  • Opcode Fuzzy Hash: 7bec2109183b07f1093a4788361d4b10d7cee014a84238bf74f355e0c818f314
                                                  • Instruction Fuzzy Hash: D1419017E18AC681E7119B74D5412FD6360FBA9748F50A632EF8D82797EF2DA2C8D304
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for 
Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                  • API String ID: 190572456-3109299426
                                                  • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                  • Instruction ID: 1d9adf466212498ee1372c2e2fb469e7a37b65a3a40d2fde55bc962fba57a560
                                                  • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                  • Instruction Fuzzy Hash: 8542B866A0EF0391FE55CB34AC901F523A1AF64794B945135C80E86368FFBEF959F208
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                  • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                  • API String ID: 2446303242-1601438679
                                                  • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                  • Instruction ID: 221a62481681c682d8130fbe5122f52798a1359dac36c4ae2e31666e5e8678f1
                                                  • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                  • Instruction Fuzzy Hash: 9EA15937218B8287E714CF21E95479AB760F788B90F604129DB8D43B24CF7EE5A9DB44
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                  • API String ID: 808467561-2761157908
                                                  • Opcode ID: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                  • Instruction ID: f49c7e6f3cd60602d1d30dcb6b24cce24214886583bcade374652220b8492b55
                                                  • Opcode Fuzzy Hash: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                  • Instruction Fuzzy Hash: 9CB2B373A182838BE7658E74E8407F977A1FB94348F445135DA0D97B84DF7AEA00EB48
                                                  APIs
                                                  • GetLastError.KERNEL32(00000000,00007FF6381126A0), ref: 00007FF6381174D7
                                                  • FormatMessageW.KERNEL32(00000000,00007FF6381126A0), ref: 00007FF638117506
                                                  • WideCharToMultiByte.KERNEL32 ref: 00007FF63811755C
                                                    • Part of subcall function 00007FF638112620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF638112620: MessageBoxW.USER32 ref: 00007FF63811272C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                  • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                  • API String ID: 2920928814-2573406579
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 3140674995-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 1239891234-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 2227656907-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memcpy_s
                                                  • String ID:
                                                  • API String ID: 1502251526-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ExceptionRaise_clrfp
                                                  • String ID:
                                                  • API String ID: 15204871-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $
                                                  • API String ID: 0-227171996
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: e+000$gfff
                                                  • API String ID: 0-3030954782
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                  • String ID:
                                                  • API String ID: 1010374628-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: gfffffff
                                                  • API String ID: 0-1523873471
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: TMP
                                                  • API String ID: 3215553584-3125297090
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: HeapProcess
                                                  • String ID:
                                                  • API String ID: 54951025-0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3511ad376341763adbf03eaa1481790c1cd7a3e825f7d6c297581565e8b6740f
                                                  • Instruction ID: dea572acdc376d3013beb812840f24d2432f71a731af07f5e584189c68259b76
                                                  • Opcode Fuzzy Hash: 3511ad376341763adbf03eaa1481790c1cd7a3e825f7d6c297581565e8b6740f
                                                  • Instruction Fuzzy Hash: FEB13A73A0869A85E765CF39C4506BCBBA0FB4AB58F244135CB4E87395CF2EE441E708
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b482d32cf4439f597672c93949c919f143e2d798b80af63496daf47fa9f459cc
                                                  • Instruction ID: 93c9d5319e52d0d24511aa7dd72fc38450df352e3ed48e50e0b901ba4b8b5b17
                                                  • Opcode Fuzzy Hash: b482d32cf4439f597672c93949c919f143e2d798b80af63496daf47fa9f459cc
                                                  • Instruction Fuzzy Hash: B981C273A0878686EB64CB39E4403A96690FB86794F544235EB9D83B99DF3ED440DB04
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 43964b9baea6600a933ee8e1a049a499104490ec7162e6d0a4f8078b6de4c171
                                                  • Instruction ID: 9b92bd477d71bcdf1f501dd46de70249390b868d73da753a0fbf836c7ad7fb8b
                                                  • Opcode Fuzzy Hash: 43964b9baea6600a933ee8e1a049a499104490ec7162e6d0a4f8078b6de4c171
                                                  • Instruction Fuzzy Hash: 1F61E823E0829346FB668A3998502F96691BF41B70F544235DA1EC67D9DEAFEC00F708
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                  • String ID:
                                                  • API String ID: 588628887-0
                                                  • Opcode ID: d52a693ca64156346f3ce50e8e1564a69fccf06189b002bdd4e7495fde204544
                                                  • Instruction ID: 255edf522961fe95069852ec8e7f0203afa526f261965bfa8696e575fc5a0f33
                                                  • Opcode Fuzzy Hash: d52a693ca64156346f3ce50e8e1564a69fccf06189b002bdd4e7495fde204544
                                                  • Instruction Fuzzy Hash: 0B411273B14A5682EF14CF3AD9145E9A3A1AB88FD4B499032EE0DC7B58DE3ED446D304
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$LibraryLoad
                                                  • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                  • API String ID: 2238633743-1453502826
                                                  • Opcode ID: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                  • Instruction ID: e4696895c53c03a24f167c732f9ae53ace8e0021e6dae6559ce9650b49fe5ca2
                                                  • Opcode Fuzzy Hash: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                  • Instruction Fuzzy Hash: 63E193A7A5DF0391FA55CB34AC901F863A5AF14790F945135C80E86368EFBEE958F308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                  • String ID: P%
                                                  • API String ID: 2147705588-2959514604
                                                  • Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                  • Instruction ID: 34e4a8107c57118f6a7b2c35df882cd309595426b7095d65a5f759bcc191bf77
                                                  • Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                  • Instruction Fuzzy Hash: 9B510626604BA286D6349F32A4181FAB7A1F798B61F004121EBCE83784DF7DD085EB14
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: f$f$p$p$f
                                                  • API String ID: 3215553584-1325933183
                                                  • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                  • Instruction ID: 300f7104dddf744627cfe1672e5ef850de827382ef1838ed7c88910843cbc4c7
                                                  • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                  • Instruction Fuzzy Hash: 7D12A763E0C18386FB249A34E0547FA7691FB82750F844235E69A877C4DF7EE480EB58
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                  • API String ID: 2030045667-3659356012
                                                  • Opcode ID: ce637a1b0568444316d1d973c9eb82cf30ef1a93ff795c13cd93f1fff632e1be
                                                  • Instruction ID: 218d73ee33a384e23c688c3d49341f08218583d8119f08dd1759b94404f18382
                                                  • Opcode Fuzzy Hash: ce637a1b0568444316d1d973c9eb82cf30ef1a93ff795c13cd93f1fff632e1be
                                                  • Instruction Fuzzy Hash: F2418223A08A4381EA54DB31B8402EAA3A0FF64B94F545431DE4D87B55EF7EE581E308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 849930591-393685449
                                                  • Opcode ID: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                  • Instruction ID: f70e369452d41adf79495752feec7ebbf672890fecd1829dc93ae64d9f5bffd2
                                                  • Opcode Fuzzy Hash: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                  • Instruction Fuzzy Hash: E5E17C73A08B438AEB209F7594412ED7BA0FB65B98F100135EE8D87B99CF39E581D744
                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF63811769F
                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF6381176EF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide
                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                  • API String ID: 626452242-27947307
                                                  • Opcode ID: ff563fd808d69f35f83569dbbc19b7f1e21c5d08308d418d8919d0e7ff1619ab
                                                  • Instruction ID: 42bf47658a9c5fc516542598f902ec8b7c7cf191a0655e1422ac76c701ca6352
                                                  • Opcode Fuzzy Hash: ff563fd808d69f35f83569dbbc19b7f1e21c5d08308d418d8919d0e7ff1619ab
                                                  • Instruction Fuzzy Hash: B941AE33A0DB8381E620CF25B8441AAB7A5FB94BA0F584535DA8DC3B98DF7DD451E708
                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(?,00007FF638113699), ref: 00007FF638117B81
                                                    • Part of subcall function 00007FF638112620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF638112620: MessageBoxW.USER32 ref: 00007FF63811272C
                                                  • WideCharToMultiByte.KERNEL32(?,00007FF638113699), ref: 00007FF638117BF5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                  • API String ID: 3723044601-27947307
                                                  • Opcode ID: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                  • Instruction ID: 2631dc5f874d2edf034e335f457c9197d4429d606356cc9015f021c6cdb5195f
                                                  • Opcode Fuzzy Hash: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                  • Instruction Fuzzy Hash: B9214B23B08B4385EA10DF36E8401F97761AB94B94F584535DA4DC3794EFBEE951E308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: f$p$p
                                                  • API String ID: 3215553584-1995029353
                                                  • Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                  • Instruction ID: d64f28705afaab70a94f8bfc8865d7bc1927670e47514368164b776a69fb0bf0
                                                  • Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                  • Instruction Fuzzy Hash: 5512A163E0C14786FB249B39E154AF97691FB82750F884035E68A877C4DF3EE590EB18
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide
                                                  • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                  • API String ID: 626452242-876015163
                                                  • Opcode ID: 290b57ca8453ae885af3ff2fc0035437ec55c1325ab119fe22c2f927501d8716
                                                  • Instruction ID: f4a000c0b708ab3da3bd0facd792da29e89fdfe30daaf8470e3649328696437d
                                                  • Opcode Fuzzy Hash: 290b57ca8453ae885af3ff2fc0035437ec55c1325ab119fe22c2f927501d8716
                                                  • Instruction Fuzzy Hash: B8418E33A08B4382EA20DB35A8401FA67A5FB54B90F144135DA8D87BA8EF3DD452E708
                                                  APIs
                                                    • Part of subcall function 00007FF638117A30: MultiByteToWideChar.KERNEL32 ref: 00007FF638117A6A
                                                  • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6381167CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF6381164DF
                                                    • Part of subcall function 00007FF638112770: MessageBoxW.USER32 ref: 00007FF638112841
                                                  Strings
                                                  • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6381164B6
                                                  • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF63811653A
                                                  • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6381164F3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                  • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                  • API String ID: 1662231829-3498232454
                                                  • Opcode ID: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                  • Instruction ID: 85e5e529d506ed39bedb913c0cfa91e3a2ade479eacb8261f7425bb013b9ece8
                                                  • Opcode Fuzzy Hash: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                  • Instruction Fuzzy Hash: 1C316717B1CB8341FA61E731A9553FA5351AFA87C0F844431DA4EC2BDAEE6EE504E608
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CF6D
                                                  • GetLastError.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CF7B
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CFA5
                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CFEB
                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CFF7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                  • String ID: api-ms-
                                                  • API String ID: 2559590344-2084034818
                                                  • Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                  • Instruction ID: b437e98a652bdc574f08cecbfd032da59886d90933033a2302cdc4aa993abbe7
                                                  • Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                  • Instruction Fuzzy Hash: 4E31C023A1AA4391FE52DB22A8016F56394FF58BA0F594535ED1D8A380DF3DE445E708
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32 ref: 00007FF638117A6A
                                                    • Part of subcall function 00007FF638112620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF638112620: MessageBoxW.USER32 ref: 00007FF63811272C
                                                  • MultiByteToWideChar.KERNEL32 ref: 00007FF638117AF0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                  • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                  • API String ID: 3723044601-876015163
                                                  • Opcode ID: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                  • Instruction ID: 428a534258df246e63ec12d3f13b9fa06572d94fd527396c19fb78e59acc890d
                                                  • Opcode Fuzzy Hash: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                  • Instruction Fuzzy Hash: B3215327B08A4382EB50CB35F8000AAA761FB95794F584531DF4CC3BA9EF6DD551D708
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A62F
                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A644
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A665
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A692
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A6A3
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A6B4
                                                  • SetLastError.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A6CF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1863091495.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000000.00000002.1863061098.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863136380.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863201240.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1863297672.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Value$ErrorLast
                                                  • String ID:
                                                  • API String ID: 2506987500-0
                                                  • Opcode ID: 6fa1fab48d66e1463309dc109adf4585d75bfd82a6fbadce2d7c74c597cc3b40
                                                  • Instruction ID: 2f30914540f03979cb898efd90552673d2316d92d5e2472409ab0ba37b61e607
                                                  • Opcode Fuzzy Hash: 6fa1fab48d66e1463309dc109adf4585d75bfd82a6fbadce2d7c74c597cc3b40
                                                  • Instruction Fuzzy Hash: B0214223E0C64342F964A73166565F962525F8ABB0F240734D93EC77D6DF2EE441E708
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                  • String ID: CONOUT$
                                                  • API String ID: 3230265001-3130406586
                                                  • Opcode ID: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                  • Instruction ID: f3daac0977182d2c56695f9d8da4ad89a393c54cc5b984c72b9ef09cd9ed19b0
                                                  • Opcode Fuzzy Hash: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                  • Instruction Fuzzy Hash: 5B114C23B18E4286E7518B66AC5436962A0BB88BE4F544234EA5DC7794CFBDD814C748
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A7A7
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A7DD
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A80A
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A81B
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A82C
                                                  • SetLastError.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A847
                                                  Similarity
                                                  • API ID: Value$ErrorLast
                                                  • String ID:
                                                  • API String ID: 2506987500-0
                                                  • Opcode ID: f18d8f431814927885b9c894ece884b545559122ce24857c2491552e22e71327
                                                  • Instruction ID: f5e6997d213621c3c2f0d07a3db3d460663ceda290f7537388931a0238ba3e8e
                                                  • Opcode Fuzzy Hash: f18d8f431814927885b9c894ece884b545559122ce24857c2491552e22e71327
                                                  • Instruction Fuzzy Hash: FB116323E0C64342FA6497315A521F951925F8ABB0F244734D93EC77D6DE2EF841E308
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                  • String ID: csm$f
                                                  • API String ID: 2395640692-629598281
                                                  • Opcode ID: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                  • Instruction ID: 56d3ebde05d47cd76e4490d02bc9fe8d727a301f3f8f77f21cc2c3a407ff7902
                                                  • Opcode Fuzzy Hash: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                  • Instruction Fuzzy Hash: 0151C333B09A0386DB15CB35E405AB93795FB64B88F118134DE4E87788EF7AE941E708
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                  • String ID: Unhandled exception in script
                                                  • API String ID: 3081866767-2699770090
                                                  • Opcode ID: 01a0bb9e98a22bc39d92f1d9306349b6b95e7735addeeef39cbdf51254e5f23a
                                                  • Instruction ID: 1fc79ad9d3187bdf94cc31195263cbbda5dab1bfaf56230b651f27991c1d9bbf
                                                  • Opcode Fuzzy Hash: 01a0bb9e98a22bc39d92f1d9306349b6b95e7735addeeef39cbdf51254e5f23a
                                                  • Instruction Fuzzy Hash: D0315737A08A8389EB24DB71E8551E96360FF89B94F400135EA4D8BB99DF3ED145D708
                                                  APIs
                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF6381174B0: GetLastError.KERNEL32(00000000,00007FF6381126A0), ref: 00007FF6381174D7
                                                    • Part of subcall function 00007FF6381174B0: FormatMessageW.KERNEL32(00000000,00007FF6381126A0), ref: 00007FF638117506
                                                    • Part of subcall function 00007FF638117A30: MultiByteToWideChar.KERNEL32 ref: 00007FF638117A6A
                                                  • MessageBoxW.USER32 ref: 00007FF63811272C
                                                  • MessageBoxA.USER32 ref: 00007FF638112748
                                                  Strings
                                                  Similarity
                                                  • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                  • String ID: %s%s: %s$Fatal error detected
                                                  • API String ID: 2806210788-2410924014
                                                  • Opcode ID: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                  • Instruction ID: 66037cb7597c46735e6df708af1e2396c9b69c1591825fd175e7673bb5853294
                                                  • Opcode Fuzzy Hash: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                  • Instruction Fuzzy Hash: 5C316F73628A8391EA20DB20E4517EA6364FF94784F804036EA8D83B99DF7ED645DB44
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                  • Instruction ID: 8c40f035e585c5bbd31cc6210a01aa05db3693f09729889e376b8b223fe5ddcb
                                                  • Opcode Fuzzy Hash: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                  • Instruction Fuzzy Hash: 88F062A2A19A0381EF108B34E8553B95330FFC57A5F640635D66D867F4CFAEE449E308
                                                  APIs
                                                  Similarity
                                                  • API ID: _set_statfp
                                                  • String ID:
                                                  • API String ID: 1156100317-0
                                                  • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                  • Instruction ID: 47d1c6c57f135ce524c22ea9fa0da14f528d19a3e3105a705c3a0dacc7025ae9
                                                  • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                  • Instruction Fuzzy Hash: EE119163E18B0711F6A42338EC453F514426F583B8F140674E96EC67D6CEEEAC45E24C
                                                  APIs
                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A87F
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A89E
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A8C6
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A8D7
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A8E8
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  • Opcode ID: b230e00eb3a4a963830e94931d1c566e9f2167cfa2cfe95f454d85ffeb99a2ab
                                                  • Instruction ID: 6bf8cda6c11997558102aa1acf8eec5a57afb3ddc23f3e76c9c1b76b704d38d6
                                                  • Opcode Fuzzy Hash: b230e00eb3a4a963830e94931d1c566e9f2167cfa2cfe95f454d85ffeb99a2ab
                                                  • Instruction Fuzzy Hash: AD115162F0C64342FE689336A5421F951516F86BB0F244334E93EC77D6DE2EF442E609
                                                  APIs
                                                  • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A705
                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A724
                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A74C
                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A75D
                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A76E
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  • Opcode ID: 2ba98259ac8f671f7b11ef4b4b97e12d4d2c3255f6215eff0bd660afad52eb11
                                                  • Instruction ID: 7d907a1e5232c96e349d56213a2adbd2955e9a9d901ea871ebcae9bc53952326
                                                  • Opcode Fuzzy Hash: 2ba98259ac8f671f7b11ef4b4b97e12d4d2c3255f6215eff0bd660afad52eb11
                                                  • Instruction Fuzzy Hash: 8E11E826E0C20742FDA8A63558125FA12A24F87B74F240734D83ECA3D2DD2FB851E21D
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                  • API String ID: 3215553584-1196891531
                                                  • Opcode ID: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                  • Instruction ID: 447e95d874cecb055f33d0ac4a3363c5b7a37a69129092b123600e8cb2300b62
                                                  • Opcode Fuzzy Hash: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                  • Instruction Fuzzy Hash: 2D819C37E082438BF7748E3991142F826A0AB57B88F558035CA0ED7395DF6EE991F709
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: CallEncodePointerTranslator
                                                  • String ID: MOC$RCC
                                                  • API String ID: 3544855599-2084237596
                                                  • Opcode ID: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                  • Instruction ID: 4fc11330c37edeb80563540c19369358778ef3495366e5e2abf6a3b855af66c2
                                                  • Opcode Fuzzy Hash: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                  • Instruction Fuzzy Hash: F5616B33A08B468AEB608FB5D4803ED7BA0FB54B88F144225EE4D57B94CF79E095D704
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                  • String ID: csm$csm
                                                  • API String ID: 3896166516-3733052814
                                                  • Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                  • Instruction ID: a2fc0265b3cf86ec1930f4ceeed85918c55c4e4afe292574f647b3d21a33f09c
                                                  • Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                  • Instruction Fuzzy Hash: FD519B7390868386EF748F65A1442A877A0EB64B88F544135EA8D87B95DF3DF450EB08
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: %s%s: %s$Fatal error detected
                                                  • API String ID: 1878133881-2410924014
                                                  • Opcode ID: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                  • Instruction ID: 715a64985a6dbf2c27d97a3ff13eba2350a57c9da63d19f5e63f7eb7de7904de
                                                  • Opcode Fuzzy Hash: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                  • Instruction Fuzzy Hash: 09319573628A8391EA20EB20F4517EA6364FF94784F804036EA8D87799CF3DD745DB48
                                                  APIs
                                                  • GetModuleFileNameW.KERNEL32(?,00007FF638113699), ref: 00007FF638113BD1
                                                    • Part of subcall function 00007FF638112620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF638112620: MessageBoxW.USER32 ref: 00007FF63811272C
                                                  Strings
                                                  Similarity
                                                  • API ID: ErrorFileLastMessageModuleName
                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                  • API String ID: 2581892565-1977442011
                                                  • Opcode ID: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                  • Instruction ID: 2d11cb84be4f2b9585d622ea2382cec4393cc9ad6ce1736ae41f847f6bf820ed
                                                  • Opcode Fuzzy Hash: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                  • Instruction Fuzzy Hash: 56018F23B1CA4380FE219B30E8053FA1395AFA8385F400032D94EC7786EE9EE544E708
                                                  APIs
                                                  Similarity
                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                  • String ID:
                                                  • API String ID: 2718003287-0
                                                  • Opcode ID: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                  • Instruction ID: cd3de8fc85e421c6551c935a5b2a3073b49333965dd725a9077d2323c07d2ece
                                                  • Opcode Fuzzy Hash: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                  • Instruction Fuzzy Hash: 03D1CC23B18A868AE720CF75D4406ED37A1FB46B98B104226CE5E97B99DE3DD416D308
                                                  APIs
                                                  Similarity
                                                  • API ID: LongWindow$DialogInvalidateRect
                                                  • String ID:
                                                  • API String ID: 1956198572-0
                                                  • Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                  • Instruction ID: e008dbcdc0d850d0a9394336503c69ad84944541fd59af1606a3ed76db05810a
                                                  • Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                  • Instruction Fuzzy Hash: 02110C23F2C54342F6908779F9442F99392EF99B80F545030E94987B8DCE3ED8C9E208
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                  • String ID: ?
                                                  • API String ID: 1286766494-1684325040
                                                  • Opcode ID: c6b54485bead06bc5539c244e4ab75d05ddcaebff17989ae90453d9827129cd1
                                                  • Instruction ID: 77ddd9188b2733845a931d754f8eca2cf07c1b9a99b3cb638d6f40d5f547426a
                                                  • Opcode Fuzzy Hash: c6b54485bead06bc5539c244e4ab75d05ddcaebff17989ae90453d9827129cd1
                                                  • Instruction Fuzzy Hash: 4E412A13A0828345FB208B35D8017FA6690EFA1BA4F144235EF5C86BD5DE7ED981E708
                                                  APIs
                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF638127E9E
                                                    • Part of subcall function 00007FF638129E18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E2E
                                                    • Part of subcall function 00007FF638129E18: GetLastError.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E38
                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF63811B105), ref: 00007FF638127EBC
                                                  Strings
                                                  Similarity
                                                  • API ID: ErrorFileLanguagesLastModuleNamePreferredRestoreThread_invalid_parameter_noinfo
                                                  • String ID: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                  • API String ID: 2553983749-3089972662
                                                  • Opcode ID: 3943842da798c31a181edbdfd7e827be925f8530d91395b67a93139410b16115
                                                  • Instruction ID: bcba1a394e4c5ac8733e7b5f6df406741a89b04906a7b1992091d5e2e28e5d51
                                                  • Opcode Fuzzy Hash: 3943842da798c31a181edbdfd7e827be925f8530d91395b67a93139410b16115
                                                  • Instruction Fuzzy Hash: 58417C33A08B5786EB14DF3598804FD67A4EB46B80B544435EA5EC3B85DF3EE891E348
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: ErrorFileLastWrite
                                                  • String ID: U
                                                  • API String ID: 442123175-4171548499
                                                  • Opcode ID: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                  • Instruction ID: 3295c33c6d5ba4cd5efbd240d3f1f85a531a946555c711cf33e4fcd6e82620c3
                                                  • Opcode Fuzzy Hash: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                  • Instruction Fuzzy Hash: 5741A023A18A8282DB20CF25E8453E977A1FB99794F904131EA4D87798EF3ED445D744
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: CurrentDirectory
                                                  • String ID: :
                                                  • API String ID: 1611563598-336475711
                                                  • Opcode ID: c96ce3ad044416fb9599911189556e1cf2cbbd82c862d3c5499b8d6e200c136e
                                                  • Instruction ID: 6565180d6384fef7c453e965091487ef76165ddc9778b1c976bf41ce35439e72
                                                  • Opcode Fuzzy Hash: c96ce3ad044416fb9599911189556e1cf2cbbd82c862d3c5499b8d6e200c136e
                                                  • Instruction Fuzzy Hash: DD21C1A3A1868381EF208B39D4442AD63A1FB89B44F454135DA4D83385EF7EE945D754
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: Fatal error detected
                                                  • API String ID: 1878133881-4025702859
                                                  • Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                  • Instruction ID: 7daf797aeb2d9a6931dc33d97d9028956774e5589ab4f72fe098e27122ac59a8
                                                  • Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                  • Instruction Fuzzy Hash: E3219073628A8391EB20DB20F4517EA6364FB94788F804035EA8D87B99CF7ED205CB44
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: Error detected
                                                  • API String ID: 1878133881-3513342764
                                                  • Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                  • Instruction ID: bbdbe9e0bb3e2e4eadf18441a08521dc9f698acc09af024942619b86f038bb4a
                                                  • Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                  • Instruction Fuzzy Hash: 34216073628A8391EB20DB20F4517EA6364FB94788F805136EA8D87B99DF3DD205DB44
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: ExceptionFileHeaderRaise
                                                  • String ID: csm
                                                  • API String ID: 2573137834-1018135373
                                                  • Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                  • Instruction ID: 26572d9ec3437730e672c1a35df8088942681c5319bc4ada5eb20189041cbf61
                                                  • Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                  • Instruction Fuzzy Hash: A3114C33618B8282EB218F25F4402A977A5FB98F94F184230EE8C47769DF7ED951DB04
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                  • String ID: :
                                                  • API String ID: 2595371189-336475711
                                                  • Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                  • Instruction ID: 3c6bd6b219ebecc6cc0d41edac800c82aa0147386a16174a64e9441ec1dde4a7
                                                  • Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                  • Instruction Fuzzy Hash: 68018F2391864386FB31AF70A4612FE23A0EF45718F841035D54DC2792DF2EE644FA1C

                                                  Execution Graph

                                                  Execution Coverage:1.8%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:793
                                                  Total number of Limit Nodes:26
7ff638114960 72507->72694 72510 7ff6381130fd 72510->72404 72512 7ff6381130d4 72512->72510 72750 7ff6381146e0 72512->72750 72514 7ff6381130e0 72514->72510 72760 7ff638114840 72514->72760 72516 7ff6381130ec 72516->72510 72517 7ff638113327 72516->72517 72518 7ff63811333c 72516->72518 72791 7ff638112770 59 API calls 2 library calls 72517->72791 72520 7ff63811335c 72518->72520 72527 7ff638113372 __vcrt_freefls 72518->72527 72792 7ff638112770 59 API calls 2 library calls 72520->72792 72521 7ff63811ad80 _wfindfirst32i64 8 API calls 72523 7ff6381134ca 72521->72523 72523->72404 72524 7ff638113333 __vcrt_freefls 72524->72521 72527->72524 72528 7ff638111b30 49 API calls 72527->72528 72529 7ff63811360b 72527->72529 72531 7ff6381135e5 72527->72531 72533 7ff6381134d6 72527->72533 72765 7ff6381112b0 72527->72765 72793 7ff638111780 59 API calls 72527->72793 72528->72527 72800 7ff638112770 59 API calls 2 library calls 72529->72800 72799 7ff638112770 59 API calls 2 library calls 72531->72799 72534 7ff638113542 72533->72534 72794 7ff63812910c 37 API calls 2 library calls 72533->72794 72795 7ff6381116d0 59 API calls 72534->72795 72537 7ff638113564 72538 7ff638113577 72537->72538 72539 7ff638113569 72537->72539 72797 7ff638112ea0 37 API calls 72538->72797 72796 7ff63812910c 37 API calls 2 library calls 72539->72796 72542 7ff638113575 72798 7ff6381123b0 62 API calls __vcrt_freefls 72542->72798 72549 7ff638113183 72544->72549 72553 7ff6381131c4 72544->72553 72545 7ff638113203 72547 7ff63811ad80 _wfindfirst32i64 8 API calls 72545->72547 72548 7ff638113215 72547->72548 72548->72389 72549->72553 72916 7ff638112990 72549->72916 72971 7ff638111440 161 API calls 2 library calls 72549->72971 72973 7ff638111780 59 API calls 72549->72973 72553->72545 72972 7ff638111ab0 74 API calls __vcrt_freefls 72553->72972 72554->72340 72556 7ff638113cbc 72555->72556 72557 7ff638117a30 57 API calls 72556->72557 72558 7ff638113ce7 72557->72558 72559 7ff638117a30 57 API calls 72558->72559 72560 7ff638113cfa 
72559->72560 73122 7ff6381254c8 72560->73122 72563 7ff63811ad80 _wfindfirst32i64 8 API calls 72564 7ff6381137da 72563->72564 72564->72387 72565 7ff638117200 72564->72565 72566 7ff638117224 72565->72566 72567 7ff63811f934 73 API calls 72566->72567 72572 7ff6381172fb __vcrt_freefls 72566->72572 72568 7ff63811723e 72567->72568 72568->72572 73288 7ff638127938 72568->73288 72570 7ff63811f934 73 API calls 72573 7ff638117253 72570->72573 72571 7ff63811f5fc _fread_nolock 53 API calls 72571->72573 72572->72378 72573->72570 72573->72571 72573->72572 72575 7ff63811f2dc 72574->72575 73304 7ff63811f088 72575->73304 72577 7ff63811f2f5 72577->72387 72578->72340 72579->72358 72580->72340 72581->72380 72582->72388 72583->72396 72584->72405 72585->72375 72587 7ff638111b55 72586->72587 72588 7ff638123be4 49 API calls 72587->72588 72589 7ff638111b78 72588->72589 72589->72398 72590->72340 72591->72397 72592->72409 72593->72412 72594->72411 72595->72415 72596->72432 72597->72439 72598->72439 72599->72443 72601 7ff638113bac GetModuleFileNameW 72600->72601 72601->72447 72601->72448 72602->72451 72603->72452 72604->72451 72605->72467 72606->72471 72608 7ff6381117e4 72607->72608 72609 7ff6381117d4 72607->72609 72611 7ff638117200 83 API calls 72608->72611 72639 7ff638111842 72608->72639 72610 7ff638113cb0 116 API calls 72609->72610 72610->72608 72612 7ff638111815 72611->72612 72612->72639 72641 7ff63811f934 72612->72641 72614 7ff63811ad80 _wfindfirst32i64 8 API calls 72616 7ff6381119c0 72614->72616 72615 7ff63811182b 72617 7ff63811184c 72615->72617 72618 7ff63811182f 72615->72618 72616->72487 72616->72488 72645 7ff63811f5fc 72617->72645 72654 7ff6381124d0 59 API calls 3 library calls 72618->72654 72622 7ff63811f934 73 API calls 72624 7ff6381118d1 72622->72624 72625 7ff6381118fe 72624->72625 72626 7ff6381118e3 72624->72626 72627 7ff63811f5fc _fread_nolock 53 API calls 72625->72627 72656 7ff6381124d0 59 API calls 3 library calls 72626->72656 72629 7ff638111913 72627->72629 72630 7ff638111867 
72629->72630 72631 7ff638111925 72629->72631 72655 7ff6381124d0 59 API calls 3 library calls 72630->72655 72648 7ff63811f370 72631->72648 72634 7ff63811193d 72657 7ff638112770 59 API calls 2 library calls 72634->72657 72636 7ff638111993 72637 7ff63811f2ac 74 API calls 72636->72637 72636->72639 72637->72639 72638 7ff638111950 72638->72636 72658 7ff638112770 59 API calls 2 library calls 72638->72658 72639->72614 72642 7ff63811f964 72641->72642 72659 7ff63811f6c4 72642->72659 72644 7ff63811f97d 72644->72615 72672 7ff63811f61c 72645->72672 72649 7ff63811f379 72648->72649 72650 7ff638111939 72648->72650 72688 7ff638124444 11 API calls _get_daylight 72649->72688 72650->72634 72650->72638 72652 7ff63811f37e 72689 7ff638129db0 37 API calls _invalid_parameter_noinfo 72652->72689 72654->72639 72655->72639 72656->72639 72657->72639 72658->72636 72660 7ff63811f72e 72659->72660 72661 7ff63811f6ee 72659->72661 72660->72661 72663 7ff63811f73a 72660->72663 72671 7ff638129ce4 37 API calls 2 library calls 72661->72671 72670 7ff6381242ec EnterCriticalSection 72663->72670 72664 7ff63811f715 72664->72644 72666 7ff63811f73f 72667 7ff63811f848 71 API calls 72666->72667 72668 7ff63811f751 72667->72668 72669 7ff6381242f8 _fread_nolock LeaveCriticalSection 72668->72669 72669->72664 72671->72664 72673 7ff63811f646 72672->72673 72684 7ff638111861 72672->72684 72674 7ff63811f692 72673->72674 72675 7ff63811f655 __scrt_get_show_window_mode 72673->72675 72673->72684 72685 7ff6381242ec EnterCriticalSection 72674->72685 72686 7ff638124444 11 API calls _get_daylight 72675->72686 72677 7ff63811f69a 72679 7ff63811f39c _fread_nolock 51 API calls 72677->72679 72681 7ff63811f6b1 72679->72681 72680 7ff63811f66a 72687 7ff638129db0 37 API calls _invalid_parameter_noinfo 72680->72687 72683 7ff6381242f8 _fread_nolock LeaveCriticalSection 72681->72683 72683->72684 72684->72622 72684->72630 72686->72680 72688->72652 72690->72499 72691->72502 72692->72498 72693->72505 72695 7ff638114970 72694->72695 72696 
7ff638111b30 49 API calls 72695->72696 72697 7ff6381149a2 72696->72697 72698 7ff6381149cb 72697->72698 72699 7ff6381149ab 72697->72699 72700 7ff638114a22 72698->72700 72801 7ff638113d30 72698->72801 72814 7ff638112770 59 API calls 2 library calls 72699->72814 72703 7ff638113d30 49 API calls 72700->72703 72705 7ff638114a3b 72703->72705 72704 7ff6381149ec 72706 7ff638114a0a 72704->72706 72815 7ff638112770 59 API calls 2 library calls 72704->72815 72708 7ff638114a59 72705->72708 72816 7ff638112770 59 API calls 2 library calls 72705->72816 72804 7ff638113c40 72706->72804 72707 7ff63811ad80 _wfindfirst32i64 8 API calls 72712 7ff6381130be 72707->72712 72709 7ff6381171b0 58 API calls 72708->72709 72714 7ff638114a66 72709->72714 72712->72510 72722 7ff638114ce0 72712->72722 72716 7ff638114a6b 72714->72716 72717 7ff638114a8d 72714->72717 72817 7ff638112620 57 API calls 2 library calls 72716->72817 72818 7ff638113df0 112 API calls 72717->72818 72721 7ff6381149c1 72721->72707 72723 7ff638116990 61 API calls 72722->72723 72724 7ff638114cf5 72723->72724 72727 7ff638114d10 72724->72727 72846 7ff638112880 59 API calls 2 library calls 72724->72846 72725 7ff638117a30 57 API calls 72726 7ff638114d54 72725->72726 72729 7ff638114d59 72726->72729 72730 7ff638114d70 72726->72730 72727->72725 72847 7ff638112770 59 API calls 2 library calls 72729->72847 72733 7ff638117a30 57 API calls 72730->72733 72732 7ff638114d65 72732->72512 72734 7ff638114da5 72733->72734 72737 7ff638111b30 49 API calls 72734->72737 72748 7ff638114daa __vcrt_freefls 72734->72748 72736 7ff638114f51 72736->72512 72738 7ff638114e27 72737->72738 72739 7ff638114e2e 72738->72739 72740 7ff638114e53 72738->72740 72848 7ff638112770 59 API calls 2 library calls 72739->72848 72742 7ff638117a30 57 API calls 72740->72742 72744 7ff638114e6c 72742->72744 72743 7ff638114e43 72743->72512 72744->72748 72819 7ff638114ac0 72744->72819 72749 7ff638114f3a 72748->72749 72850 7ff638112770 59 API calls 2 library calls 72748->72850 
72749->72512 72751 7ff6381146f7 72750->72751 72751->72751 72752 7ff638114720 72751->72752 72759 7ff638114737 __vcrt_freefls 72751->72759 72866 7ff638112770 59 API calls 2 library calls 72752->72866 72754 7ff63811472c 72754->72514 72755 7ff63811481b 72755->72514 72756 7ff6381112b0 122 API calls 72756->72759 72759->72755 72759->72756 72867 7ff638112770 59 API calls 2 library calls 72759->72867 72868 7ff638111780 59 API calls 72759->72868 72761 7ff638114947 72760->72761 72763 7ff63811485b 72760->72763 72761->72516 72763->72761 72764 7ff638112770 59 API calls 72763->72764 72869 7ff638111780 59 API calls 72763->72869 72764->72763 72766 7ff6381112c6 72765->72766 72767 7ff6381112f8 72765->72767 72769 7ff638113cb0 116 API calls 72766->72769 72768 7ff63811f934 73 API calls 72767->72768 72770 7ff63811130a 72768->72770 72771 7ff6381112d6 72769->72771 72772 7ff63811130e 72770->72772 72773 7ff63811132f 72770->72773 72771->72767 72774 7ff6381112de 72771->72774 72889 7ff6381124d0 59 API calls 3 library calls 72772->72889 72779 7ff638111364 72773->72779 72780 7ff638111344 72773->72780 72888 7ff638112770 59 API calls 2 library calls 72774->72888 72777 7ff638111325 72777->72527 72778 7ff6381112ee 72778->72527 72782 7ff63811137e 72779->72782 72783 7ff638111395 72779->72783 72890 7ff6381124d0 59 API calls 3 library calls 72780->72890 72870 7ff638111050 72782->72870 72785 7ff63811f5fc _fread_nolock 53 API calls 72783->72785 72787 7ff63811135f __vcrt_freefls 72783->72787 72789 7ff6381113de 72783->72789 72785->72783 72786 7ff638111421 72786->72527 72787->72786 72788 7ff63811f2ac 74 API calls 72787->72788 72788->72786 72891 7ff6381124d0 59 API calls 3 library calls 72789->72891 72791->72524 72792->72524 72793->72527 72794->72534 72795->72537 72796->72542 72797->72542 72798->72524 72799->72524 72800->72524 72802 7ff638111b30 49 API calls 72801->72802 72803 7ff638113d60 72802->72803 72803->72704 72805 7ff638113c4a 72804->72805 72806 7ff638117a30 57 API calls 72805->72806 72807 7ff638113c72 
72806->72807 72808 7ff63811ad80 _wfindfirst32i64 8 API calls 72807->72808 72809 7ff638113c9a 72808->72809 72809->72700 72810 7ff6381171b0 72809->72810 72811 7ff638117a30 57 API calls 72810->72811 72812 7ff6381171c7 LoadLibraryW 72811->72812 72813 7ff6381171e4 __vcrt_freefls 72812->72813 72813->72700 72814->72721 72815->72706 72816->72708 72817->72721 72818->72721 72826 7ff638114ada 72819->72826 72820 7ff638114c91 72821 7ff63811ad80 _wfindfirst32i64 8 API calls 72820->72821 72823 7ff638114cb0 72821->72823 72849 7ff638117c30 59 API calls __vcrt_freefls 72823->72849 72825 7ff638114bf3 72825->72820 72853 7ff638129184 72825->72853 72826->72820 72826->72825 72828 7ff638114cc9 72826->72828 72851 7ff6381256d0 47 API calls 72826->72851 72852 7ff638111780 59 API calls 72826->72852 72863 7ff638112770 59 API calls 2 library calls 72828->72863 72832 7ff638114c16 72833 7ff638129184 _fread_nolock 37 API calls 72832->72833 72834 7ff638114c28 72833->72834 72860 7ff6381257dc 39 API calls 3 library calls 72834->72860 72836 7ff638114c34 72861 7ff638125d64 73 API calls 72836->72861 72838 7ff638114c46 72862 7ff638125d64 73 API calls 72838->72862 72840 7ff638114c58 72841 7ff638124f14 71 API calls 72840->72841 72842 7ff638114c69 72841->72842 72843 7ff638124f14 71 API calls 72842->72843 72844 7ff638114c7d 72843->72844 72845 7ff638124f14 71 API calls 72844->72845 72845->72820 72846->72727 72847->72732 72848->72743 72849->72748 72850->72736 72851->72826 72852->72826 72854 7ff63812918d 72853->72854 72855 7ff638114c0a 72853->72855 72864 7ff638124444 11 API calls _get_daylight 72854->72864 72859 7ff6381257dc 39 API calls 3 library calls 72855->72859 72857 7ff638129192 72865 7ff638129db0 37 API calls _invalid_parameter_noinfo 72857->72865 72859->72832 72860->72836 72861->72838 72862->72840 72863->72820 72864->72857 72866->72754 72867->72759 72868->72759 72869->72763 72871 7ff6381110a6 72870->72871 72872 7ff6381110ad 72871->72872 72873 7ff6381110d3 72871->72873 72896 7ff638112770 59 API calls 2 
library calls 72872->72896 72876 7ff638111109 72873->72876 72877 7ff6381110ed 72873->72877 72875 7ff6381110c0 72875->72787 72879 7ff63811111b 72876->72879 72886 7ff638111137 memcpy_s 72876->72886 72897 7ff6381124d0 59 API calls 3 library calls 72877->72897 72898 7ff6381124d0 59 API calls 3 library calls 72879->72898 72881 7ff63811f5fc _fread_nolock 53 API calls 72881->72886 72882 7ff638111104 __vcrt_freefls 72882->72787 72883 7ff6381111fe 72899 7ff638112770 59 API calls 2 library calls 72883->72899 72886->72881 72886->72882 72886->72883 72887 7ff63811f370 37 API calls 72886->72887 72892 7ff63811fd3c 72886->72892 72887->72886 72888->72778 72889->72777 72890->72787 72891->72787 72893 7ff63811fd6c 72892->72893 72900 7ff63811fa8c 72893->72900 72895 7ff63811fd8a 72895->72886 72896->72875 72897->72882 72898->72882 72899->72882 72901 7ff63811fad9 72900->72901 72902 7ff63811faac 72900->72902 72901->72895 72902->72901 72903 7ff63811fab6 72902->72903 72904 7ff63811fae1 72902->72904 72914 7ff638129ce4 37 API calls 2 library calls 72903->72914 72907 7ff63811f9cc 72904->72907 72915 7ff6381242ec EnterCriticalSection 72907->72915 72909 7ff63811f9e9 72910 7ff63811fa0c 74 API calls 72909->72910 72911 7ff63811f9f2 72910->72911 72912 7ff6381242f8 _fread_nolock LeaveCriticalSection 72911->72912 72913 7ff63811f9fd 72912->72913 72913->72901 72914->72901 72917 7ff6381129a6 72916->72917 72918 7ff638111b30 49 API calls 72917->72918 72920 7ff6381129db 72918->72920 72919 7ff638112de1 72920->72919 72921 7ff638113b20 49 API calls 72920->72921 72922 7ff638112a4f 72921->72922 72974 7ff638112e00 72922->72974 72925 7ff638112aca 72927 7ff638112e00 75 API calls 72925->72927 72926 7ff638112a91 72982 7ff638116720 98 API calls 72926->72982 72929 7ff638112b1c 72927->72929 72931 7ff638112b86 72929->72931 72932 7ff638112b20 72929->72932 72930 7ff638112a99 72933 7ff638112aba 72930->72933 72983 7ff638116600 138 API calls 2 library calls 72930->72983 72937 7ff638112e00 75 API calls 72931->72937 72984 
7ff638116720 98 API calls 72932->72984 72940 7ff638112ac3 72933->72940 72986 7ff638112770 59 API calls 2 library calls 72933->72986 72938 7ff638112bb2 72937->72938 72941 7ff638112c12 72938->72941 72942 7ff638112e00 75 API calls 72938->72942 72939 7ff638112b28 72939->72933 72985 7ff638116600 138 API calls 2 library calls 72939->72985 72945 7ff63811ad80 _wfindfirst32i64 8 API calls 72940->72945 72941->72919 72987 7ff638116720 98 API calls 72941->72987 72946 7ff638112be2 72942->72946 72948 7ff638112b7b 72945->72948 72946->72941 72950 7ff638112e00 75 API calls 72946->72950 72947 7ff638112b45 72947->72933 72949 7ff638112dc6 72947->72949 72948->72549 72991 7ff638112770 59 API calls 2 library calls 72949->72991 72950->72941 72951 7ff638111af0 59 API calls 72953 7ff638112c7f 72951->72953 72952 7ff638112c22 72952->72919 72952->72951 72964 7ff638112d3f 72952->72964 72953->72919 72956 7ff638111b30 49 API calls 72953->72956 72955 7ff638112d3a 72992 7ff638111ab0 74 API calls __vcrt_freefls 72955->72992 72958 7ff638112ca7 72956->72958 72958->72949 72960 7ff638111b30 49 API calls 72958->72960 72959 7ff638112dab 72959->72949 72990 7ff638111440 161 API calls 2 library calls 72959->72990 72961 7ff638112cd4 72960->72961 72961->72949 72963 7ff638111b30 49 API calls 72961->72963 72965 7ff638112d01 72963->72965 72964->72959 72989 7ff638111780 59 API calls 72964->72989 72965->72949 72967 7ff6381117b0 121 API calls 72965->72967 72968 7ff638112d23 72967->72968 72968->72964 72969 7ff638112d27 72968->72969 72988 7ff638112770 59 API calls 2 library calls 72969->72988 72971->72549 72972->72553 72973->72549 72975 7ff638112e34 72974->72975 72993 7ff638123be4 72975->72993 72978 7ff638112e6b 72980 7ff63811ad80 _wfindfirst32i64 8 API calls 72978->72980 72981 7ff638112a8d 72980->72981 72981->72925 72981->72926 72982->72930 72983->72933 72984->72939 72985->72947 72986->72940 72987->72952 72988->72955 72989->72964 72990->72959 72991->72955 72992->72919 72995 7ff638123c3e 72993->72995 72994 
7ff638123c63 73028 7ff638129ce4 37 API calls 2 library calls 72994->73028 72995->72994 72997 7ff638123c9f 72995->72997 73029 7ff638121e70 49 API calls _invalid_parameter_noinfo 72997->73029 72999 7ff638123c8d 73001 7ff63811ad80 _wfindfirst32i64 8 API calls 72999->73001 73000 7ff638123d7c 73002 7ff638129e18 __free_lconv_num 11 API calls 73000->73002 73003 7ff638112e5a 73001->73003 73002->72999 73003->72978 73011 7ff638124e08 73003->73011 73004 7ff638123d36 73004->73000 73005 7ff638123d51 73004->73005 73006 7ff638123da0 73004->73006 73008 7ff638123d48 73004->73008 73030 7ff638129e18 73005->73030 73006->73000 73009 7ff638123daa 73006->73009 73008->73000 73008->73005 73010 7ff638129e18 __free_lconv_num 11 API calls 73009->73010 73010->72999 73012 7ff638124e31 73011->73012 73013 7ff638124e25 73011->73013 73062 7ff638124a1c 45 API calls __CxxCallCatchBlock 73012->73062 73037 7ff638124680 73013->73037 73016 7ff638124e2a 73016->72978 73017 7ff638124e59 73020 7ff638124e69 73017->73020 73063 7ff63812dfcc 5 API calls __crtLCMapStringW 73017->73063 73064 7ff638124504 14 API calls 3 library calls 73020->73064 73021 7ff638124ec1 73022 7ff638124ed9 73021->73022 73023 7ff638124ec5 73021->73023 73024 7ff638124680 69 API calls 73022->73024 73023->73016 73025 7ff638129e18 __free_lconv_num 11 API calls 73023->73025 73026 7ff638124ee5 73024->73026 73025->73016 73026->73016 73027 7ff638129e18 __free_lconv_num 11 API calls 73026->73027 73027->73016 73028->72999 73029->73004 73031 7ff638129e1d HeapFree 73030->73031 73035 7ff638129e4c 73030->73035 73032 7ff638129e38 GetLastError 73031->73032 73031->73035 73033 7ff638129e45 __free_lconv_num 73032->73033 73036 7ff638124444 11 API calls _get_daylight 73033->73036 73035->72999 73036->73035 73038 7ff6381246b7 73037->73038 73039 7ff63812469a 73037->73039 73038->73039 73040 7ff6381246ca CreateFileW 73038->73040 73091 7ff638124424 11 API calls _get_daylight 73039->73091 73042 7ff6381246fe 73040->73042 73043 7ff638124734 73040->73043 73065 
7ff6381247d4 GetFileType 73042->73065 73094 7ff638124cf8 46 API calls 3 library calls 73043->73094 73044 7ff63812469f 73092 7ff638124444 11 API calls _get_daylight 73044->73092 73049 7ff638124739 73053 7ff638124768 73049->73053 73054 7ff63812473d 73049->73054 73050 7ff6381246a7 73093 7ff638129db0 37 API calls _invalid_parameter_noinfo 73050->73093 73051 7ff638124729 CloseHandle 73057 7ff6381246b2 73051->73057 73052 7ff638124713 CloseHandle 73052->73057 73096 7ff638124ab8 73053->73096 73095 7ff6381243b8 11 API calls 2 library calls 73054->73095 73057->73016 73061 7ff638124747 73061->73057 73062->73017 73063->73020 73064->73021 73066 7ff6381248df 73065->73066 73067 7ff638124822 73065->73067 73069 7ff6381248e7 73066->73069 73070 7ff638124909 73066->73070 73068 7ff63812484e GetFileInformationByHandle 73067->73068 73114 7ff638124bf4 21 API calls _fread_nolock 73067->73114 73073 7ff638124877 73068->73073 73074 7ff6381248fa GetLastError 73068->73074 73069->73074 73075 7ff6381248eb 73069->73075 73071 7ff63812492c PeekNamedPipe 73070->73071 73082 7ff6381248ca 73070->73082 73071->73082 73077 7ff638124ab8 51 API calls 73073->73077 73117 7ff6381243b8 11 API calls 2 library calls 73074->73117 73116 7ff638124444 11 API calls _get_daylight 73075->73116 73076 7ff63812483c 73076->73068 73076->73082 73081 7ff638124882 73077->73081 73080 7ff63811ad80 _wfindfirst32i64 8 API calls 73083 7ff63812470c 73080->73083 73107 7ff63812497c 73081->73107 73082->73080 73083->73051 73083->73052 73086 7ff63812497c 10 API calls 73087 7ff6381248a1 73086->73087 73088 7ff63812497c 10 API calls 73087->73088 73089 7ff6381248b2 73088->73089 73089->73082 73115 7ff638124444 11 API calls _get_daylight 73089->73115 73091->73044 73092->73050 73094->73049 73095->73061 73098 7ff638124ae0 73096->73098 73097 7ff638124775 73106 7ff638124bf4 21 API calls _fread_nolock 73097->73106 73098->73097 73118 7ff63812e674 51 API calls 2 library calls 73098->73118 73100 7ff638124b74 73100->73097 73119 7ff63812e674 51 API calls 
2 library calls 73100->73119 73102 7ff638124b87 73102->73097 73120 7ff63812e674 51 API calls 2 library calls 73102->73120 73104 7ff638124b9a 73104->73097 73121 7ff63812e674 51 API calls 2 library calls 73104->73121 73106->73061 73108 7ff638124998 73107->73108 73109 7ff6381249a5 FileTimeToSystemTime 73107->73109 73108->73109 73111 7ff6381249a0 73108->73111 73110 7ff6381249b9 SystemTimeToTzSpecificLocalTime 73109->73110 73109->73111 73110->73111 73112 7ff63811ad80 _wfindfirst32i64 8 API calls 73111->73112 73113 7ff638124891 73112->73113 73113->73086 73114->73076 73115->73082 73116->73082 73117->73082 73118->73100 73119->73102 73120->73104 73121->73097 73123 7ff6381253fc 73122->73123 73124 7ff638125422 73123->73124 73127 7ff638125455 73123->73127 73153 7ff638124444 11 API calls _get_daylight 73124->73153 73126 7ff638125427 73154 7ff638129db0 37 API calls _invalid_parameter_noinfo 73126->73154 73129 7ff638125468 73127->73129 73130 7ff63812545b 73127->73130 73141 7ff63812a0f8 73129->73141 73155 7ff638124444 11 API calls _get_daylight 73130->73155 73131 7ff638113d09 73131->72563 73135 7ff638125489 73148 7ff63812f49c 73135->73148 73136 7ff63812547c 73156 7ff638124444 11 API calls _get_daylight 73136->73156 73139 7ff63812549c 73157 7ff6381242f8 LeaveCriticalSection 73139->73157 73158 7ff63812f788 EnterCriticalSection 73141->73158 73143 7ff63812a10f 73144 7ff63812a16c 19 API calls 73143->73144 73145 7ff63812a11a 73144->73145 73146 7ff63812f7e8 _isindst LeaveCriticalSection 73145->73146 73147 7ff638125472 73146->73147 73147->73135 73147->73136 73159 7ff63812f198 73148->73159 73151 7ff63812f4f6 73151->73139 73153->73126 73155->73131 73156->73131 73164 7ff63812f1d3 __vcrt_InitializeCriticalSectionEx 73159->73164 73160 7ff63812f39a 73165 7ff63812f3a3 73160->73165 73177 7ff638124444 11 API calls _get_daylight 73160->73177 73162 7ff63812f471 73178 7ff638129db0 37 API calls _invalid_parameter_noinfo 73162->73178 73164->73160 73174 7ff638135474 51 API calls 3 library calls 
73164->73174 73165->73151 73171 7ff63813615c 73165->73171 73167 7ff63812f405 73167->73160 73175 7ff638135474 51 API calls 3 library calls 73167->73175 73169 7ff63812f424 73169->73160 73176 7ff638135474 51 API calls 3 library calls 73169->73176 73179 7ff63813575c 73171->73179 73174->73167 73175->73169 73176->73160 73177->73162 73180 7ff638135791 73179->73180 73181 7ff638135773 73179->73181 73180->73181 73184 7ff6381357ad 73180->73184 73233 7ff638124444 11 API calls _get_daylight 73181->73233 73183 7ff638135778 73234 7ff638129db0 37 API calls _invalid_parameter_noinfo 73183->73234 73190 7ff638135d6c 73184->73190 73188 7ff638135784 73188->73151 73236 7ff638135aa0 73190->73236 73193 7ff638135df9 73255 7ff638126cfc 73193->73255 73194 7ff638135de1 73267 7ff638124424 11 API calls _get_daylight 73194->73267 73197 7ff638135de6 73268 7ff638124444 11 API calls _get_daylight 73197->73268 73225 7ff6381357d8 73225->73188 73235 7ff638126cd4 LeaveCriticalSection 73225->73235 73233->73183 73237 7ff638135acc 73236->73237 73241 7ff638135ae6 73236->73241 73237->73241 73280 7ff638124444 11 API calls _get_daylight 73237->73280 73239 7ff638135adb 73281 7ff638129db0 37 API calls _invalid_parameter_noinfo 73239->73281 73243 7ff638135b64 73241->73243 73282 7ff638124444 11 API calls _get_daylight 73241->73282 73242 7ff638135bb5 73253 7ff638135c12 73242->73253 73286 7ff63812576c 37 API calls 2 library calls 73242->73286 73243->73242 73284 7ff638124444 11 API calls _get_daylight 73243->73284 73246 7ff638135c0e 73251 7ff638129dd0 _wfindfirst32i64 17 API calls 73246->73251 73246->73253 73248 7ff638135baa 73285 7ff638129db0 37 API calls _invalid_parameter_noinfo 73248->73285 73249 7ff638135b59 73283 7ff638129db0 37 API calls _invalid_parameter_noinfo 73249->73283 73254 7ff638135ca5 73251->73254 73253->73193 73253->73194 73287 7ff63812f788 EnterCriticalSection 73255->73287 73267->73197 73268->73225 73280->73239 73282->73249 73284->73248 73286->73246 73289 7ff638127968 73288->73289 73292 
7ff638127444 73289->73292 73291 7ff638127981 73291->72573 73293 7ff63812745f 73292->73293 73294 7ff63812748e 73292->73294 73303 7ff638129ce4 37 API calls 2 library calls 73293->73303 73302 7ff6381242ec EnterCriticalSection 73294->73302 73297 7ff638127493 73298 7ff6381274b0 38 API calls 73297->73298 73299 7ff63812749f 73298->73299 73300 7ff6381242f8 _fread_nolock LeaveCriticalSection 73299->73300 73301 7ff63812747f 73300->73301 73301->73291 73303->73301 73305 7ff63811f0d1 73304->73305 73306 7ff63811f0a3 73304->73306 73313 7ff63811f0c3 73305->73313 73314 7ff6381242ec EnterCriticalSection 73305->73314 73315 7ff638129ce4 37 API calls 2 library calls 73306->73315 73309 7ff63811f0e8 73310 7ff63811f104 72 API calls 73309->73310 73311 7ff63811f0f4 73310->73311 73312 7ff6381242f8 _fread_nolock LeaveCriticalSection 73311->73312 73312->73313 73313->72577 73315->73313 73316 7ffedcde2b58 73317 7ffedcfd9550 73316->73317 73318 7ffedcfd955a TlsFree 73317->73318 73319 7ff63811a620 73320 7ff63811a643 73319->73320 73321 7ff63811a65f memcpy_s 73319->73321 73323 7ff63812cacc 73320->73323 73324 7ff63812cb17 73323->73324 73325 7ff63812cadb _get_daylight 73323->73325 73331 7ff638124444 11 API calls _get_daylight 73324->73331 73325->73324 73326 7ff63812cafe RtlAllocateHeap 73325->73326 73330 7ff6381326b0 EnterCriticalSection LeaveCriticalSection _get_daylight 73325->73330 73326->73325 73328 7ff63812cb15 73326->73328 73328->73321 73330->73325 73331->73328

Control-flow Graph

[Figure: control-flow graph for function 7ff638134e20; nodes marked Executed / Not Executed]
                                                  APIs
                                                  • _get_daylight.LIBCMT ref: 00007FF638134E65
                                                    • Part of subcall function 00007FF6381347B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6381347CC
                                                    • Part of subcall function 00007FF638129E18: HeapFree.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E2E
                                                    • Part of subcall function 00007FF638129E18: GetLastError.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E38
                                                    • Part of subcall function 00007FF638129DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF638129DAF,?,?,?,?,?,00007FF6381221EC), ref: 00007FF638129DD9
                                                    • Part of subcall function 00007FF638129DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF638129DAF,?,?,?,?,?,00007FF6381221EC), ref: 00007FF638129DFE
                                                  • _get_daylight.LIBCMT ref: 00007FF638134E54
                                                    • Part of subcall function 00007FF638134818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF63813482C
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350CA
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350DB
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350EC
                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF63813532C), ref: 00007FF638135113
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                  • API String ID: 4070488512-239921721
                                                  • Opcode ID: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
                                                  • Instruction ID: 5726fed40908caf983000ade77bf3c75cd33b17212a11180574e53c25d2e04a3
                                                  • Opcode Fuzzy Hash: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
                                                  • Instruction Fuzzy Hash: 2FD1CE27A0824386EB20AF35D8415F967A1FF94B94F444035EA0DC7789DF7EE981E748

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                  • String ID:
                                                  • API String ID: 1617910340-0
                                                  • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                  • Instruction ID: 1b6c35f1d951f25347a471b9c5886f4e51a30ac52c08017ca329969b6bed6817
                                                  • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                  • Instruction Fuzzy Hash: E8C1BE33B28A4286EB11CF78C8906EC3761FB49B98F110239DA1E97799CF7AD451E304

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350CA
                                                    • Part of subcall function 00007FF638134818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF63813482C
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350DB
                                                    • Part of subcall function 00007FF6381347B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6381347CC
                                                  • _get_daylight.LIBCMT ref: 00007FF6381350EC
                                                    • Part of subcall function 00007FF6381347E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6381347FC
                                                    • Part of subcall function 00007FF638129E18: HeapFree.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E2E
                                                    • Part of subcall function 00007FF638129E18: GetLastError.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E38
                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF63813532C), ref: 00007FF638135113
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                  • API String ID: 3458911817-239921721
                                                  • Opcode ID: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
                                                  • Instruction ID: b3236a8346e95905bb0de8bcb1dac17936830276dfd08a3cd69b9f2f5ad55781
                                                  • Opcode Fuzzy Hash: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
                                                  • Instruction Fuzzy Hash: B1519E37A1864386E720EF31E8815E96760FB98B84F404136EA4DC3796DF7EE941E748

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                  • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                  • API String ID: 2153230061-4158440160
                                                  • Opcode ID: d057c7a586b6418f44a1573e85536894cbdb7dc318d61cada40fb3e1faf14b06
                                                  • Instruction ID: d63ce2dc3a4a0aaf1ad77b7751da7da216d6f327851263ce8032515c5d7f6c69
                                                  • Opcode Fuzzy Hash: d057c7a586b6418f44a1573e85536894cbdb7dc318d61cada40fb3e1faf14b06
                                                  • Instruction Fuzzy Hash: 1D516BB3A09A0786EB54CF38D4502B873A0FB68B88B519135DA1DC3799DF7EE940D748

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                  • API String ID: 2030045667-3659356012
                                                  • Opcode ID: 58d866eab75a513ff850216775826fff7e54eedcc9f6fc09c2a349faeafb4d28
                                                  • Instruction ID: 218d73ee33a384e23c688c3d49341f08218583d8119f08dd1759b94404f18382
                                                  • Opcode Fuzzy Hash: 58d866eab75a513ff850216775826fff7e54eedcc9f6fc09c2a349faeafb4d28
                                                  • Instruction Fuzzy Hash: F2418223A08A4381EA54DB31B8402EAA3A0FF64B94F545431DE4D87B55EF7EE581E308

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                    • Part of subcall function 00007FF638113BA0: GetModuleFileNameW.KERNEL32(?,00007FF638113699), ref: 00007FF638113BD1
                                                  • SetDllDirectoryW.KERNEL32 ref: 00007FF6381138A5
                                                    • Part of subcall function 00007FF638116990: GetEnvironmentVariableW.KERNEL32(00007FF6381136E7), ref: 00007FF6381169CA
                                                    • Part of subcall function 00007FF638116990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6381169E7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                  • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                  • API String ID: 2344891160-3602715111
                                                  • Opcode ID: 27ad38b619ca65cf917105344e198efe824b9d869038f5812e5eb09a497d4259
                                                  • Instruction ID: df1d32d35723ec5705babb8199433c997febc20f5b4a6ff35690f32a774f3722
                                                  • Opcode Fuzzy Hash: 27ad38b619ca65cf917105344e198efe824b9d869038f5812e5eb09a497d4259
                                                  • Instruction Fuzzy Hash: 8CB1B363A1CA8341FE64AB3198512FD6391BFA4784F404135EA4DC779EEF2EE605E708

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                  • API String ID: 2030045667-1655038675
                                                  • Opcode ID: f829e651a6440e1a316b2bba962053dbf5baa95b50ddb2772be0d08842a76e57
                                                  • Instruction ID: 23d57d1fcf1949ed2fdd74423ec823205b9ee62d73bd9b07e57cb5e8ae77be9e
                                                  • Opcode Fuzzy Hash: f829e651a6440e1a316b2bba962053dbf5baa95b50ddb2772be0d08842a76e57
                                                  • Instruction Fuzzy Hash: 8251E263A0CA8381EAA09B71E4403FAA391FBA4794F545131DE4DC7785EF3EE545E708

                                                  Control-flow Graph

                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF63812E152,?,?,-00000018,00007FF63812A223,?,?,?,00007FF63812A11A,?,?,?,00007FF638125472), ref: 00007FF63812DF34
                                                  • GetProcAddress.KERNEL32(?,00000000,?,00007FF63812E152,?,?,-00000018,00007FF63812A223,?,?,?,00007FF63812A11A,?,?,?,00007FF638125472), ref: 00007FF63812DF40
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeLibraryProc
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 3013587201-537541572
                                                  • Opcode ID: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                  • Instruction ID: 4b3445ea8daf155c57069d4b500b1ab831f471465923a5836dd2bc6f1921be75
                                                  • Opcode Fuzzy Hash: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                  • Instruction Fuzzy Hash: AA41B063B19A1781FA56CB36D8009E92391BF56BA0F594135DD0DC7788EE3EE845E308

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
                                                  • Instruction ID: 2effaf90b089757a8b2aa84d39d9c8a76db8e72fe235dcafd16bde3eff83adee
                                                  • Opcode Fuzzy Hash: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
                                                  • Instruction Fuzzy Hash: E0C1B223A0C787C1EB619B35A4402FE7BA5EB82B80F554131DA5D83791DF7EE859E308

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_isindst
                                                  • String ID:
                                                  • API String ID: 4170891091-0
                                                  • Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                  • Instruction ID: 206376dc4e7f5f49a81ce0f4e93f627497d6dbac7e4da912beff0435817e9ebd
                                                  • Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                  • Instruction Fuzzy Hash: 2051EF73F046138AEF28CB7499416FC27A1BB19358F545235EE1E92BE6DE3EA402D704

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                  • String ID:
                                                  • API String ID: 2780335769-0
                                                  • Opcode ID: 6d39917c2a5e172715dc0149da862f2fc663c363b49fcf3998972eea944cc0d9
                                                  • Instruction ID: fa1826dc703ce07b8ec84c0884592fee388fe91c862dad64734c71cd73ddff22
                                                  • Opcode Fuzzy Hash: 6d39917c2a5e172715dc0149da862f2fc663c363b49fcf3998972eea944cc0d9
                                                  • Instruction Fuzzy Hash: 3D515863E186428AFB14DFB094503BD23A1BB49B98F218134DE4D97789DF3DD691E348
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                  • String ID:
                                                  • API String ID: 1452418845-0
                                                  • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                  • Instruction ID: d44855fc49f3bafd215e3050a9f1f8bd74817fce9426ca90355ff5240faeee8d
                                                  • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                  • Instruction Fuzzy Hash: FB313953E0860345FA94AB75A4513FE2391AFB5384F844034E90EC77D7DE6EB809E24D
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 1279662727-0
                                                  • Opcode ID: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                  • Instruction ID: ba8c2056a5b231542cb155c448b6d8acaa004bd8aa2f41e6da7b6bfbc3216d62
                                                  • Opcode Fuzzy Hash: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                  • Instruction Fuzzy Hash: BE419523D1878383E7549B3195103B96360FB96764F109334EAAC83BD6DF6DA6E0E704
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: d426427e4f48dbbb9dc5f253e5f2c69f0b75b8518679dacd75070a6bbb583433
                                                  • Instruction ID: 04c0594579097860d5a87396adaef25d7fdfc2961d100d7f2fb1dacea84c3172
                                                  • Opcode Fuzzy Hash: d426427e4f48dbbb9dc5f253e5f2c69f0b75b8518679dacd75070a6bbb583433
                                                  • Instruction Fuzzy Hash: B7D09212F18B0382FA187B705C951F912226F89B41F201838D90FC6397DDBEA849E208
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                  • Instruction ID: bf5ecfd08f7aa43e0eba1c2d7b6068a7d7cbaffd5e910064b00f3d5762edc55d
                                                  • Opcode Fuzzy Hash: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                  • Instruction Fuzzy Hash: 5751D463B0969387EA689E3594006FA6381BF94BA4F144730DE6D837CBCF3ED441E609
                                                  APIs
                                                  • FindCloseChangeNotification.KERNEL32(?,?,?,00007FF638129EA5,?,?,00000000,00007FF638129F5A), ref: 00007FF63812A096
                                                  • GetLastError.KERNEL32(?,?,?,00007FF638129EA5,?,?,00000000,00007FF638129F5A), ref: 00007FF63812A0A0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ChangeCloseErrorFindLastNotification
                                                  • String ID:
                                                  • API String ID: 1687624791-0
                                                  • Opcode ID: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                  • Instruction ID: 0342e080e2a34f6023cab3116283e05439edaa5ed9bd3e78e8a90e84ca073f0d
                                                  • Opcode Fuzzy Hash: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                  • Instruction Fuzzy Hash: EA21C313B1868342FE549735D4542FD1691AF86BA0F244235DA2EC77C2CE6EE445E30C
                                                  APIs
                                                  • SetFilePointerEx.KERNEL32(?,?,?,?,00000000,00007FF63812B79D), ref: 00007FF63812B650
                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF63812B79D), ref: 00007FF63812B65A
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastPointer
                                                  • String ID:
                                                  • API String ID: 2976181284-0
                                                  • Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                  • Instruction ID: 19a905708aa05b98a36c292df173eac4b4764f9d7dcae98df1264e5a8c2e5dc6
                                                  • Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                  • Instruction Fuzzy Hash: D2118F62A18B8281DA108B35F8041AA6762AB46BF4F644331EA7D877E9CF7DD451D708
                                                  APIs
                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF638124891), ref: 00007FF6381249AF
                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF638124891), ref: 00007FF6381249C5
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Time$System$FileLocalSpecific
                                                  • String ID:
                                                  • API String ID: 1707611234-0
                                                  • Opcode ID: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                  • Instruction ID: a0d94fc9680d883d3cfe86864a0c674fde3225a2364b8b6cc5e5506483947107
                                                  • Opcode Fuzzy Hash: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                  • Instruction Fuzzy Hash: F211A37360C65381EF648B21A4111BEB760FB86771F601235FA9EC1AD8EF6ED144EB08
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  • Associated: 00000002.00000002.1852838802.00007FF638110000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852909254.00007FF63813A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63814D000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF638150000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1852997498.00007FF63815C000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000002.00000002.1853144360.00007FF63815E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                  • Instruction ID: 836cd19a3b2e71a9cf780ddd5f483621f25a7cb39c42ec2f60570e09d9f12e3e
                                                  • Opcode Fuzzy Hash: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                  • Instruction Fuzzy Hash: 7B41CF3390864383EA24DB39A5812BA77A0EB97B50F140231D78EC77D1CF2EE442E759
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _fread_nolock
                                                  • String ID:
                                                  • API String ID: 840049012-0
                                                  • Opcode ID: 27862ac600b922a3cf83038837973b46bcf043c3a7a7d693ce6134197cb24b32
                                                  • Instruction ID: 7e60623622b24b6992799a001fd4493c12a7f1cb8185a23fc32cb303420a8458
                                                  • Opcode Fuzzy Hash: 27862ac600b922a3cf83038837973b46bcf043c3a7a7d693ce6134197cb24b32
                                                  • Instruction Fuzzy Hash: 3C21EA23B1825346FA519B3265047FAA751BF55BD4F885830EE0D87786CF3EE142D708
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 47f2cb7360056a46563935c31beadd7a45ae652dec1b657f4a22353b163fa2db
                                                  • Instruction ID: f613733d4627d01ca5b4c4edbd12fb7c54568f5b42b2bccc34e08073f442aac3
                                                  • Opcode Fuzzy Hash: 47f2cb7360056a46563935c31beadd7a45ae652dec1b657f4a22353b163fa2db
                                                  • Instruction Fuzzy Hash: 5831A123A1865385E715AB35C8007FC2A90EF42B50F510235EA1D833D2DF7EE542E719
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                  • String ID:
                                                  • API String ID: 3947729631-0
                                                  • Opcode ID: e9a7e304643df4a79f5f92f113a909c0855d61e5f1cd2648997e34e72053eb35
                                                  • Instruction ID: e123d6de9083c3a97046f1a1dbf81e9034dfbe6525db454c870287c1d6243cbe
                                                  • Opcode Fuzzy Hash: e9a7e304643df4a79f5f92f113a909c0855d61e5f1cd2648997e34e72053eb35
                                                  • Instruction Fuzzy Hash: 91217832E04A468AEB249F74D4402FC33A0FB05718F14163AD62C86BD9DFBDD584DB88
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                  • Instruction ID: a4973bf6b06a02175314f4e9735d5170014d094b152628a84e64401e1faa6eb9
                                                  • Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                  • Instruction Fuzzy Hash: EB116623A1C6C381EAA09F6194402F9E2A0FF86B80F944431EA4CD779ADF7ED540E709
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                  • Instruction ID: 9f21d5eccfcc59b9372693b520ef343c1f66bb2dd07374cdc10ded4c6ad6b96b
                                                  • Opcode Fuzzy Hash: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                  • Instruction Fuzzy Hash: 21215033A1868286DB628F29E8403F976A0EB94F94F544234EA5DC77D9DF7ED800DB04
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                  • Instruction ID: d726c1cd29b6eb97955c4fb766fc33786e7c60c24f0aa200903ae0977f2840fe
                                                  • Opcode Fuzzy Hash: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                  • Instruction Fuzzy Hash: 1A01A522A08B8342E9049B72A9010E9A795FB96FE0F485631DE5C97BD7DF3ED501E308
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF63812A8B6,?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E), ref: 00007FF63812DD95
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                  • Instruction ID: 5b2f88313f819526dcef53462380e757c14c05b6c0e339e264e96803c6370639
                                                  • Opcode Fuzzy Hash: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                  • Instruction Fuzzy Hash: 6AF06D56B19A4F40FE996772D9013F502805F8AB80F5C9630CD0EC63C2DE5EE580E319
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(?,?,?,00007FF63811FE44,?,?,?,00007FF638121356,?,?,?,?,?,00007FF638122949), ref: 00007FF63812CB0A
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                  • Instruction ID: f4142ec70bffb3a6e54350b30470b14be541ed3057421138c87a43530b65eac4
                                                  • Opcode Fuzzy Hash: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                  • Instruction Fuzzy Hash: 9BF05802F0D34341FE2467B258002F512805F8A7E0F080630DE2ED67C2EEAFA980F218
                                                  APIs
                                                    • Part of subcall function 00007FF638117A30: MultiByteToWideChar.KERNEL32 ref: 00007FF638117A6A
                                                  • LoadLibraryW.KERNEL32(?,?,00000000,00007FF6381130BE), ref: 00007FF6381171D3
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharLibraryLoadMultiWide
                                                  • String ID:
                                                  • API String ID: 2592636585-0
                                                  • Opcode ID: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
                                                  • Instruction ID: 0549ff065ee91b7ca73bdaf2fd5bb5d138137ff4a7145a111625bab79562bac5
                                                  • Opcode Fuzzy Hash: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
                                                  • Instruction Fuzzy Hash: D2E0CD23B1854682DE189777F9054FAA351AF4CFC0B589035DF0D47755DD3DD890DA08
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Free
                                                  • String ID:
                                                  • API String ID: 3978063606-0
                                                  • Opcode ID: 99c7829f09a5c78c67ae0b713d3d91cb04d237d0367d97be12d496e7a1f6d673
                                                  • Instruction ID: d674f0c3bd8faaf6d193ae82218a7154ae63af8631549c19ad6cc1a408a92787
                                                  • Opcode Fuzzy Hash: 99c7829f09a5c78c67ae0b713d3d91cb04d237d0367d97be12d496e7a1f6d673
                                                  • Instruction Fuzzy Hash: 15C01225F4500387E748277CCC562AD11985F48710F944036F00EC2EA1DD0C995A8704
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                  • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                  • API String ID: 2446303242-1601438679
                                                  • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                  • Instruction ID: 221a62481681c682d8130fbe5122f52798a1359dac36c4ae2e31666e5e8678f1
                                                  • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                  • Instruction Fuzzy Hash: 9EA15937218B8287E714CF21E95479AB760F788B90F604129DB8D43B24CF7EE5A9DB44
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCE7D000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strspn$strncmp$strcspn
                                                  • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Expecting: $Proc-Type:
                                                  • API String ID: 232339659-387852012
                                                  • Opcode ID: 42ddd34fbb514b972c3841d9454f420e3ab624245703583627a5e92b4a3d4a41
                                                  • Instruction ID: 29ea7caab40065e6845e78e1b3ddef6ba5fd6cf82fceb5ad19d8f1d35d3be029
                                                  • Opcode Fuzzy Hash: 42ddd34fbb514b972c3841d9454f420e3ab624245703583627a5e92b4a3d4a41
                                                  • Instruction Fuzzy Hash: 20F16F61B4864286FB24DB69E4402FD27A6BB44BC8F484133CA4D57FA5EF3CE54AC741
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide_errno$FileFind$ErrorFirstLastNextfreemallocmemset
                                                  • String ID:
                                                  • API String ID: 3372420414-0
                                                  • Opcode ID: 3d8f240a4f90c780c6746068f38d3319f7b472bfe65928556dd2a935678a57e1
                                                  • Instruction ID: 15c0a13f8bf3e8d21671601c8603cc6c5f8ce9af854d750dc78100e1dde9a940
                                                  • Opcode Fuzzy Hash: 3d8f240a4f90c780c6746068f38d3319f7b472bfe65928556dd2a935678a57e1
                                                  • Instruction Fuzzy Hash: B2B1B362A04A8286EB208F29D4552BD7BA4FF59BE4F494737DA5D47BE0EF3CD0428300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentVariable$ByteCharMultiWide
                                                  • String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
                                                  • API String ID: 2184640988-1666712896
                                                  • Opcode ID: 9bdffb1b50c3161ebfeb316bcddf5aa0d76d079b0f97c82e6ecc90dc1062e570
                                                  • Instruction ID: 9f538c4b5f5d68f147949d04f2fff7051211b59c2a7bd76dcd0bb2aed1801e54
                                                  • Opcode Fuzzy Hash: 9bdffb1b50c3161ebfeb316bcddf5aa0d76d079b0f97c82e6ecc90dc1062e570
                                                  • Instruction Fuzzy Hash: E261A322B4879245EB108F2A99501BDB7E6EB55BE4B4D9232DE5D83FE4DF3DE0168300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Mem_$SubtypeType_$DataFreeFromKindMallocReallocUnicode_
                                                  • String ID:
                                                  • API String ID: 1742244024-0
                                                  • Opcode ID: 2d17a493920b6b36c6fa0658f81e569c9b995c639d436fc25a26417b6e17d25f
                                                  • Instruction ID: 72e06338a00647dc47a5cfe191fd457b07aeb85221f763ef736edc7cb2c0a9e4
                                                  • Opcode Fuzzy Hash: 2d17a493920b6b36c6fa0658f81e569c9b995c639d436fc25a26417b6e17d25f
                                                  • Instruction Fuzzy Hash: E102E272A4C59282EB648B1EE6546BD36A1EB447C4F1C4137DB4E86FB4DE2EE443C702
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 313767242-0
                                                  • Opcode ID: d5821aaf4936ad9aa18e348792a4e6496cc638c229f42c96d8f2983ca85ed40f
                                                  • Instruction ID: 7a7fae4bd06e76d3787e300d0ca1a95e208192a2f558544b88460a02137eadf9
                                                  • Opcode Fuzzy Hash: d5821aaf4936ad9aa18e348792a4e6496cc638c229f42c96d8f2983ca85ed40f
                                                  • Instruction Fuzzy Hash: C1316D72649B8189EB609F64E8503ED3364FB84784F4C403ADB4E87AA8DF39D54AC710
                                                  APIs
                                                  • GetTempPathW.KERNEL32(?,00000000,?,00007FF63811674D), ref: 00007FF63811681A
                                                    • Part of subcall function 00007FF638116990: GetEnvironmentVariableW.KERNEL32(00007FF6381136E7), ref: 00007FF6381169CA
                                                    • Part of subcall function 00007FF638116990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6381169E7
                                                    • Part of subcall function 00007FF6381266B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6381266CD
                                                  • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF6381168D1
                                                    • Part of subcall function 00007FF638112770: MessageBoxW.USER32 ref: 00007FF638112841
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                  • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                  • API String ID: 3752271684-1116378104
                                                  • Opcode ID: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
                                                  • Instruction ID: 94931bd5d6f58534e6b2054c84f25c8daea76035c87c44c598b82bf12211e248
                                                  • Opcode Fuzzy Hash: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
                                                  • Instruction Fuzzy Hash: 5D51AE23F2D64385FA54AB72A9552FA53415F6ABD0F444431ED0ECBB86EE2FE501E308
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 3140674995-0
                                                  • Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                  • Instruction ID: 4a83c0a8358bf44c3cf0d3c7eb2c360dc8e0420c9f6bdf707d3e5b5929983b01
                                                  • Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                  • Instruction Fuzzy Hash: 20315E73608A828AEB609F70E8803EE7360FB94744F444439DA4D87B94EF7DD548D714
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 1239891234-0
                                                  • Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                  • Instruction ID: 2afeda61ad49f3449ac84b87a3cd5166ac64ca747f3df1e8f910e5b8f8f142c5
                                                  • Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                  • Instruction Fuzzy Hash: 16316B37618F8286DB608B35E8406EE33A0FB89754F500135EA8D83B95DF3DC555CB04
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 2227656907-0
                                                  • Opcode ID: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                  • Instruction ID: 987653065a87bdac93d4c155caf1b9cac3dff74c8b1542d7f840c869bdd607db
                                                  • Opcode Fuzzy Hash: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                  • Instruction Fuzzy Hash: CFB1B327B1869741EA619B35A8006F963D0EB44BE4F444131EE9D87BC9DEBEEC41E708
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memmove$memset
                                                  • String ID:
                                                  • API String ID: 3790616698-0
                                                  • Opcode ID: 093f8d80f515eaee4f0976beeb406aa8df2a8c5bb98ba842fea8dd7f9a606363
                                                  • Instruction ID: 2b68cda3c74d59e461fd7d87faa46e886a8604dad01ef58ffe9c2e918703c65e
                                                  • Opcode Fuzzy Hash: 093f8d80f515eaee4f0976beeb406aa8df2a8c5bb98ba842fea8dd7f9a606363
                                                  • Instruction Fuzzy Hash: B351C47271D78586DB10CB1AE4402AEBBA4FB89BD4F885136EE9D07BA6DE3CD145C700
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a46b17bfff405d911cbf0ed16f10332b4be66aad2a683c4b6cb6413eca26ac33
                                                  • Instruction ID: 03648078244105f872b42a1eb636885171a0695f8759e3fca96c9ccacfa6e2ec
                                                  • Opcode Fuzzy Hash: a46b17bfff405d911cbf0ed16f10332b4be66aad2a683c4b6cb6413eca26ac33
                                                  • Instruction Fuzzy Hash: 05F0E9713683E105CB55CA3A6848F6D2DD59791BC8F16C030DD0CD3F54F92EC5128B40
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 47cb47f2231c500fe69675262d211844ffd3893697c7c00b0061ec7b87a542e7
                                                  • Instruction ID: d500473899e63081329c240221712096bba4ce2ba6fd169cfabfb529d78f978d
                                                  • Opcode Fuzzy Hash: 47cb47f2231c500fe69675262d211844ffd3893697c7c00b0061ec7b87a542e7
                                                  • Instruction Fuzzy Hash: 0CE09AB27583A405C756CA3A2908E6D2AA0AB14BC9F43C0309D0DA3E95F82EC6028B40
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for 
Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                  • API String ID: 190572456-3109299426
                                                  • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                  • Instruction ID: 1d9adf466212498ee1372c2e2fb469e7a37b65a3a40d2fde55bc962fba57a560
                                                  • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                  • Instruction Fuzzy Hash: 8542B866A0EF0391FE55CB34AC901F523A1AF64794B945135C80E86368FFBEF959F208
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$LibraryLoad
                                                  • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                  • API String ID: 2238633743-1453502826
                                                  • Opcode ID: f7c8ee974489954c5cd6f430076d10814794685a81879c16293a8bddc0af0375
                                                  • Instruction ID: e4696895c53c03a24f167c732f9ae53ace8e0021e6dae6559ce9650b49fe5ca2
                                                  • Opcode Fuzzy Hash: f7c8ee974489954c5cd6f430076d10814794685a81879c16293a8bddc0af0375
                                                  • Instruction Fuzzy Hash: 63E193A7A5DF0391FA55CB34AC901F863A5AF14790F945135C80E86368EFBEE958F308
                                                  APIs
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF94241
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF94258
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF9426F
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF942A2
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF942EB
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF9431F
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF94371
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF94384
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF9439B
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF943AE
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF943C5
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF943D8
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF943EF
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF94402
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF94415
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF94428
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF9443B
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF94487
                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFEDCF94E33,?,?,?,?,?,?,?,?,00007FFEDCF92E4B), ref: 00007FFEDCF944B2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCE7D000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strcmp
                                                  • String ID: ANY PRIVATE KEY$CERTIFICATE$CERTIFICATE REQUEST$CMS$DH PARAMETERS$ENCRYPTED PRIVATE KEY$NEW CERTIFICATE REQUEST$PARAMETERS$PKCS #7 SIGNED DATA$PKCS7$PRIVATE KEY$TRUSTED CERTIFICATE$X509 CERTIFICATE$X9.42 DH PARAMETERS
                                                  • API String ID: 1004003707-1119032718
                                                  • Opcode ID: 5faaf54baf5283146832f0d94d5468780e9adc20c66d13194ea508598b332b28
                                                  • Instruction ID: 62911cf3f98a96122f5a783712769f32b633c35912f9cfb92b9c9e7d0aa7b187
                                                  • Opcode Fuzzy Hash: 5faaf54baf5283146832f0d94d5468780e9adc20c66d13194ea508598b332b28
                                                  • Instruction Fuzzy Hash: 1E91AF21E8C64741FE65972D9A502BC1ED3AFA6BD4F8C5133DD4E82EE5FE1CE4468202
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strspn$strncmp
                                                  • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Proc-Type:
                                                  • API String ID: 1384302209-3505811795
                                                  • Opcode ID: 1b869f1a6eac8aeb398c7f487eda61ac9ae1a2185d31ed71d5288b5492fc2b28
                                                  • Instruction ID: 375564e7be7c3f2b1a7b5ff7d074c58c4b8e4fca70950cb2963fbedd2850e87a
                                                  • Opcode Fuzzy Hash: 1b869f1a6eac8aeb398c7f487eda61ac9ae1a2185d31ed71d5288b5492fc2b28
                                                  • Instruction Fuzzy Hash: 5B919D61B4D65386EB208B29A8406BD37A6EF447D4F484037DA8D43FB5EF2CE54A8741
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite__stdio_common_vsprintf__stdio_common_vswprintf
                                                  • String ID: $OpenSSL$OpenSSL: FATAL$no stack?
                                                  • API String ID: 2603057392-2963566556
                                                  • Opcode ID: 75131406242315063b9eb8b61f751d263e868ede2efdb133bf2f38d68100ef13
                                                  • Instruction ID: 57f851df882c38a0b7b023a63ed648abc8542f8534efe90fb1fd360d14bffa23
                                                  • Opcode Fuzzy Hash: 75131406242315063b9eb8b61f751d263e868ede2efdb133bf2f38d68100ef13
                                                  • Instruction Fuzzy Hash: 4D91D472A08B8285EB208F68D8441BD3769FB55BD4F484637EE5D17EA5EF38E256C300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Unicode_$CompareString$With$DeallocErr_Ready
                                                  • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                  • API String ID: 1067165228-3528878251
                                                  • Opcode ID: a97fda713efcdaed74d0f15b89fc759eef65b993e3755085a36f180e1a2a6872
                                                  • Instruction ID: 94ee8543afb36cf4484e6323a3c4abd52caaac6435115ad658d13ce201dabe5f
                                                  • Opcode Fuzzy Hash: a97fda713efcdaed74d0f15b89fc759eef65b993e3755085a36f180e1a2a6872
                                                  • Instruction Fuzzy Hash: 2E413061A8C65385EA14CF1AAA4423D63A1BF45BD4F8C4537CE4E87AB4DF2EE046E305
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strcmp$strncmp
                                                  • String ID: ..\s\crypto\asn1\asn_mime.c$application/pkcs7-mime$application/pkcs7-signature$application/x-pkcs7-mime$application/x-pkcs7-signature$boundary$content-type$multipart/signed$type:
                                                  • API String ID: 1244041713-3630080479
                                                  • Opcode ID: cb09d76981884f911073ec79770a94529b3f76ec59753b3682a11d1b1a51dff2
                                                  • Instruction ID: 85992bad0f73c0bad57ac24e8ea8d827cbbbc3d62c56350d97fc1d68e939860c
                                                  • Opcode Fuzzy Hash: cb09d76981884f911073ec79770a94529b3f76ec59753b3682a11d1b1a51dff2
                                                  • Instruction Fuzzy Hash: 92C17CA1B8D64681FA24EB1998412BD6396AF857C0F8C8037DD8D17FA6EF3CE546C701
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                  • API String ID: 0-666925554
                                                  • Opcode ID: d3968db3aa9a033bb4e68e7b46c35a5ca854f8004469bea9d1630e60e8200884
                                                  • Instruction ID: 505504404c4281b45ba6f2452f4eeb3ba237994007048afbd0d95afdd960bc70
                                                  • Opcode Fuzzy Hash: d3968db3aa9a033bb4e68e7b46c35a5ca854f8004469bea9d1630e60e8200884
                                                  • Instruction Fuzzy Hash: FC51BC63B08A4381EA50DB31A8446F9A3A0AF61BD8F445431DE0DC7B96EF7FE545E308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                  • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                  • API String ID: 4998090-2855260032
                                                  • Opcode ID: 325d64cfb385d23493eb0389c0ea059c6d59262dbafda5a72abe8264351e6c2a
                                                  • Instruction ID: bd864025de591b909dd843df625ab595e20db414960645fc3020f10fe71d27dd
                                                  • Opcode Fuzzy Hash: 325d64cfb385d23493eb0389c0ea059c6d59262dbafda5a72abe8264351e6c2a
                                                  • Instruction Fuzzy Hash: 89418B3361CA8782EA109F30E8446EA7361FB847A4F540231EA9E877D8DF7DD448DB04
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Module_$Dealloc$ObjectObject_$Capsule_ConstantFromMallocMem_SpecStringTrackTypeType_
                                                  • String ID: 14.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                  • API String ID: 288921926-1430584071
                                                  • Opcode ID: 34ac006824e125b38f87d2d071ae01d9c336cf72669efd439cdbfbf994d14880
                                                  • Instruction ID: 988789ee24cf4e29b0e2f8a4ca9dbb1ccebe0e3acb0b2cc5eb6e1cc802bb492d
                                                  • Opcode Fuzzy Hash: 34ac006824e125b38f87d2d071ae01d9c336cf72669efd439cdbfbf994d14880
                                                  • Instruction Fuzzy Hash: D7212F61E8D70385FA165B2DEA1427D22A4AF49BD0B4C5036DB1E46EB8DF2EE447D302
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                  • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                  • API String ID: 1723213316-3528878251
                                                  • Opcode ID: c1d1483b359176232031dcda17eceefdd4cd98cc21702f49892afc3e67e82068
                                                  • Instruction ID: dfd561c3c55a6d37cc135787fef8aa77da52fd6635df9902f4d34373438a2bac
                                                  • Opcode Fuzzy Hash: c1d1483b359176232031dcda17eceefdd4cd98cc21702f49892afc3e67e82068
                                                  • Instruction Fuzzy Hash: 86517F61A9C25241FB648B1AAA1467E56A0AF42BC4F5C5033DF5E87FA1CE2EE403D702
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                  • String ID: P%
                                                  • API String ID: 2147705588-2959514604
                                                  • Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                  • Instruction ID: 34e4a8107c57118f6a7b2c35df882cd309595426b7095d65a5f759bcc191bf77
                                                  • Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                  • Instruction Fuzzy Hash: 9B510626604BA286D6349F32A4181FAB7A1F798B61F004121EBCE83784DF7DD085EB14
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Arg_Unicode_$ArgumentCheckDigitErr_PositionalReadyString
                                                  • String ID: a unicode character$argument 1$digit$not a digit
                                                  • API String ID: 3305933226-4278345224
                                                  • Opcode ID: f3312c4d2492d42c6bf8c5b24e15dccd6aa38fe551f57dd252bb694573ee7750
                                                  • Instruction ID: 056e6da924b446775c87c40becb776d21b90a02850f99d7b989490d63f8faf44
                                                  • Opcode Fuzzy Hash: f3312c4d2492d42c6bf8c5b24e15dccd6aa38fe551f57dd252bb694573ee7750
                                                  • Instruction Fuzzy Hash: FD210A21F48A4291EB109F29EA4457D63A0EB44BC8F4C8533CB0E87A78DF2EE557D302
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                  • String ID:
                                                  • API String ID: 349153199-0
                                                  • Opcode ID: 5ae4ae1fad975d5487a8dd9099fd26104a61e4c8513e68d9fc499fd676c40ec1
                                                  • Instruction ID: 6c0a4b51ea09bd359e4baab677b6bba6d20d87fb0ce17a1fbcd2df4b59fd9b7f
                                                  • Opcode Fuzzy Hash: 5ae4ae1fad975d5487a8dd9099fd26104a61e4c8513e68d9fc499fd676c40ec1
                                                  • Instruction Fuzzy Hash: 25817C21E8864346F652AB6D9A813BD62A0AF457C0F5C4137DB4D83FB6DE2EE447C702
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strchr
                                                  • String ID: ..\s\crypto\ocsp\ocsp_lib.c$/$/$443$[$http$https
                                                  • API String ID: 2830005266-535551730
                                                  • Opcode ID: 3f4b0d76255caf907e181389f39ab80ca888ca80cbe07dbd0ebd0c6e25bf62fd
                                                  • Instruction ID: 0c24918b217d335a1ced1c8f8c8f18c2d0aad9d21b17c4a5f38e1e1d46987cf7
                                                  • Opcode Fuzzy Hash: 3f4b0d76255caf907e181389f39ab80ca888ca80cbe07dbd0ebd0c6e25bf62fd
                                                  • Instruction Fuzzy Hash: 7861A561F49B4680FA21DF19E8102BD2792AF85BC0F8D4033D99D0BBA5EE3DE54AC700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: atoi$strcmp
                                                  • String ID: ..\s\crypto\ts\ts_conf.c$accuracy$microsecs$millisecs$p$secs
                                                  • API String ID: 4175852868-1596076588
                                                  • Opcode ID: 7fedaee5a43b9f96133ba3337b9998908fec395ca8a45f4228c1692c16d9240c
                                                  • Instruction ID: 1a915de0423c939a5bb11724414ada5bf8fa33476f6d55ee636df7abba9ffc54
                                                  • Opcode Fuzzy Hash: 7fedaee5a43b9f96133ba3337b9998908fec395ca8a45f4228c1692c16d9240c
                                                  • Instruction Fuzzy Hash: 27519066B4964786EA149B2A98005FD7795BF84BC8F582433ED4E43FB1EE3CE446C304
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindowwcsstr
                                                  • String ID: Service-0x$_OPENSSL_isservice
                                                  • API String ID: 459917433-1672312481
                                                  • Opcode ID: 79db5ee4ce9dc6ccf9bd915a9b468d2fbd35849815718b4b7a41fc8616343fad
                                                  • Instruction ID: 2ef76151632cf5bd3dd5202ddbf357e67e9dcf8878184a4ca960dc6e2298018c
                                                  • Opcode Fuzzy Hash: 79db5ee4ce9dc6ccf9bd915a9b468d2fbd35849815718b4b7a41fc8616343fad
                                                  • Instruction Fuzzy Hash: DF414F61645A8246EB609B28D8412BC2299EF547F4B4C4736E97D46BF4EF3CE6458300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Unicode_$Arg_$ArgumentCompareReadyStringWith$CheckPositionalSubtypeType_
                                                  • String ID: argument 1$argument 2$normalize$str
                                                  • API String ID: 3621440800-1320425463
                                                  • Opcode ID: 94348148c340fa5468beab9ef1746397c69e42e894d14843631ab3fa4ea44381
                                                  • Instruction ID: 11c52d7038c1fd255b8f8f5a602fabefb506411ab46d0baf908acacc83f0631f
                                                  • Opcode Fuzzy Hash: 94348148c340fa5468beab9ef1746397c69e42e894d14843631ab3fa4ea44381
                                                  • Instruction Fuzzy Hash: 0C215061A8868291E7108B2DEA442BD2760AF45BD8F5C4233CA5E47AF4CF2EE447D302
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                  • String ID: argument 1$argument 2$is_normalized$str
                                                  • API String ID: 396090033-184702317
                                                  • Opcode ID: c961abb42e83fbff4e8e9473619491438f798cfd5e47330d0c83c04a8f602896
                                                  • Instruction ID: a6d09d2290477b63ef562277ff49c97459ca6d95c95a2f24e984dafcd4ce0e9e
                                                  • Opcode Fuzzy Hash: c961abb42e83fbff4e8e9473619491438f798cfd5e47330d0c83c04a8f602896
                                                  • Instruction Fuzzy Hash: 21216F21E48A8681EB10CB19EA8427D2760AF45BD8F5C9133CA5D87EB4CF2DE447C302
                                                  APIs
                                                  • GetLastError.KERNEL32(00000000,00007FF6381126A0), ref: 00007FF6381174D7
                                                  • FormatMessageW.KERNEL32(00000000,00007FF6381126A0), ref: 00007FF638117506
                                                  • WideCharToMultiByte.KERNEL32 ref: 00007FF63811755C
                                                    • Part of subcall function 00007FF638112620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF638112620: MessageBoxW.USER32 ref: 00007FF63811272C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                  • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                  • API String ID: 2920928814-2573406579
                                                  • Opcode ID: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                  • Instruction ID: 5f353dd57a03d6dc444ce64c689ec521fea65eb445c03c98cb2e371753767178
                                                  • Opcode Fuzzy Hash: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                  • Instruction Fuzzy Hash: 1C217133B08A4382EB609B31EC402E66761FB98385F940035E54DC2798EFBEE505E708
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCE7D000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strncmp
                                                  • String ID: %-8d$, path=$, retcode=$, value=$..\s\crypto\conf\conf_mod.c$OPENSSL_finish$OPENSSL_init$module=$path
                                                  • API String ID: 1114863663-3652895664
                                                  • Opcode ID: 3ecb68e670bea93246ef5374c4d0d7ba0649ab831daedc309e66f1fd15480d7f
                                                  • Instruction ID: be738f5c1e64169c383b7ca5672dd4c4b59f539376058d032a9320a845f8a571
                                                  • Opcode Fuzzy Hash: 3ecb68e670bea93246ef5374c4d0d7ba0649ab831daedc309e66f1fd15480d7f
                                                  • Instruction Fuzzy Hash: 95A19D61B4964685FA21AB59AC006BD229AAF84BD4F4C0137ED4D57FB6EF3CE9428340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strncmp
                                                  • String ID: , value=$..\s\crypto\x509v3\v3_conf.c$/$ASN1:$DER:$critical,$name=
                                                  • API String ID: 1114863663-1429737502
                                                  • Opcode ID: 143978fd2adef66388680b9fe0611a0269c67ac45c0586c6bec754c205a70508
                                                  • Instruction ID: 8669741b692b2a760a7925aee944525179db8238ea6b1e963f5cfa379f2f3bdc
                                                  • Opcode Fuzzy Hash: 143978fd2adef66388680b9fe0611a0269c67ac45c0586c6bec754c205a70508
                                                  • Instruction Fuzzy Hash: CF41BF21B08A9641EB309B16A9403BE6A9BFB85BD4F4C4136DE5D87FE5FE3CE5058700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: f$f$p$p$f
                                                  • API String ID: 3215553584-1325933183
                                                  • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                  • Instruction ID: 300f7104dddf744627cfe1672e5ef850de827382ef1838ed7c88910843cbc4c7
                                                  • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                  • Instruction Fuzzy Hash: 7D12A763E0C18386FB249A34E0547FA7691FB82750F844235E69A877C4DF7EE480EB58
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastsetsockopt
                                                  • String ID: ..\s\crypto\bio\b_sock2.c$o
                                                  • API String ID: 1729277954-1872632005
                                                  • Opcode ID: f8faf1672888dd055ca767ddbd6e928684f186272bd270f584dbc43e0a9459f0
                                                  • Instruction ID: 7ec2ce271b4271eb92d9a4052f1d628af4ca49813b7daf99c2e4a0704b0202d6
                                                  • Opcode Fuzzy Hash: f8faf1672888dd055ca767ddbd6e928684f186272bd270f584dbc43e0a9459f0
                                                  • Instruction Fuzzy Hash: 1C51AD71B0C6428AE7309B66E8042BD7761FB85784F184136EA8947EA5DF3EE506CF44
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: HandleModule$AddressProc
                                                  • String ID: OPENSSL_Applink$OPENSSL_Uplink(%p,%02X): $_ssl.pyd$_ssl_d.pyd
                                                  • API String ID: 1883125708-1130596517
                                                  • Opcode ID: f2636a76e782a0e1fa67e1c2fe2d0083f1ed94c4a280093996525d6ffba33d81
                                                  • Instruction ID: 3f2357f2f0888fa3cb96e078fa65bd290a6e9488556fe26b6c591374f47ab456
                                                  • Opcode Fuzzy Hash: f2636a76e782a0e1fa67e1c2fe2d0083f1ed94c4a280093996525d6ffba33d81
                                                  • Instruction Fuzzy Hash: B0513B21E09B4681F6219F65A9001BC27A6FFA9764B486737DE6C02AF5FF3CF5918700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                  • String ID: CreateProcessW$Error creating child process!
                                                  • API String ID: 2895956056-3524285272
                                                  • Opcode ID: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                  • Instruction ID: fe9b0d324c28e45d239d59294d1b6a1943dea1087eab0d995211471225e04c22
                                                  • Opcode Fuzzy Hash: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                  • Instruction Fuzzy Hash: E1412933A08B8282EA20DB74F8452EAA3A0FB95364F500735E6AD87BD5DF7DD444DB44
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strcmpstrncmpstrtoul
                                                  • String ID: MASK:$default$nombstr$pkix$utf8only
                                                  • API String ID: 1175158921-3483942737
                                                  • Opcode ID: 0eb005829b5090700deec3fa77c1e89360f57b44948d3d3a333400b0d416245b
                                                  • Instruction ID: 29b36bbc0a239be9faa92b9e13ce9722a1b77b813dba0159348764e79f012d86
                                                  • Opcode Fuzzy Hash: 0eb005829b5090700deec3fa77c1e89360f57b44948d3d3a333400b0d416245b
                                                  • Instruction Fuzzy Hash: 7331C462F2858142EB518B2CE8503BD3B91EFC5B90F4C4133EA5A47EB5EE1CE496C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 849930591-393685449
                                                  • Opcode ID: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                  • Instruction ID: f70e369452d41adf79495752feec7ebbf672890fecd1829dc93ae64d9f5bffd2
                                                  • Opcode Fuzzy Hash: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                  • Instruction Fuzzy Hash: E5E17C73A08B438AEB209F7594412ED7BA0FB65B98F100135EE8D87B99CF39E581D744
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Fiber$Switch$CreateDeletememmove
                                                  • String ID: *$..\s\crypto\async\async.c
                                                  • API String ID: 81049052-1471988776
                                                  • Opcode ID: 4f9f709306536e867257e9e687ef2b36e2c087ecf2beff4b4f2d57b4d80d708d
                                                  • Instruction ID: f83e7d6b5abe68e1a140032d61fe7d305d28ffcb14757b859731669e0a9a8975
                                                  • Opcode Fuzzy Hash: 4f9f709306536e867257e9e687ef2b36e2c087ecf2beff4b4f2d57b4d80d708d
                                                  • Instruction Fuzzy Hash: FEA15B72B49A4685EA20DF1AE85027D63A5EB44BC4F085037DE8D87BB6EF3CE556C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                  • String ID: a unicode character$argument$category
                                                  • API String ID: 2803103377-2068800536
                                                  • Opcode ID: c9d1e3034f28ed3d090bffcd2b1c2b74113939870b399ed50bdb72791e912429
                                                  • Instruction ID: aa07e08c07a557e9ddb5a096a964c1afdf7dcb0c08d2a36583c6e676b556e27d
                                                  • Opcode Fuzzy Hash: c9d1e3034f28ed3d090bffcd2b1c2b74113939870b399ed50bdb72791e912429
                                                  • Instruction Fuzzy Hash: 6E519361B4CA4681EB548B1ED6902BD23A1EB84BC4F5D4137DB4E87BB4DF2EE846D301
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                  • String ID: a unicode character$argument$bidirectional
                                                  • API String ID: 2803103377-2110215792
                                                  • Opcode ID: 79e1f8ae2df2e93481f857dbc231cf2a034c20faf15badcceea9109bcd0af3e1
                                                  • Instruction ID: 9d5abc82864aa70db84b94a9ec86635ddde7dc083077c6cd0f2488c9446878b3
                                                  • Opcode Fuzzy Hash: 79e1f8ae2df2e93481f857dbc231cf2a034c20faf15badcceea9109bcd0af3e1
                                                  • Instruction Fuzzy Hash: CA41D161B58A4282FB548B1ED6942BD23A1EB44BC4F5C4137DB4E83AB4DF2EE847D341
                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF63811769F
                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF6381176EF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide
                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                  • API String ID: 626452242-27947307
                                                  • Opcode ID: 43851299e65b878553ee9477cdfb9aa8b38a7a1e3001ba9c1eb6bb9cebf00e3a
                                                  • Instruction ID: 42bf47658a9c5fc516542598f902ec8b7c7cf191a0655e1422ac76c701ca6352
                                                  • Opcode Fuzzy Hash: 43851299e65b878553ee9477cdfb9aa8b38a7a1e3001ba9c1eb6bb9cebf00e3a
                                                  • Instruction Fuzzy Hash: B941AE33A0DB8381E620CF25B8441AAB7A5FB94BA0F584535DA8DC3B98DF7DD451E708
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: FromStringUnicode_$S_snprintfSizeSubtypeType_memcpy
                                                  • String ID: $%04X
                                                  • API String ID: 762632776-4013080060
                                                  • Opcode ID: 86c188bc8851d71fee5143397eab43a3575e426cb52b14b86a1d2f1ad77da2b4
                                                  • Instruction ID: 6b7ee72a2d25aa5923ea20b79fe3cdc1aef327ac7ebc8af19254c8ce7b6b1eb6
                                                  • Opcode Fuzzy Hash: 86c188bc8851d71fee5143397eab43a3575e426cb52b14b86a1d2f1ad77da2b4
                                                  • Instruction Fuzzy Hash: 5531A072A48A8141EB21CB18E9143BD73A1FB45BE4F5C4232DA6E47EE4DF2DE546C301
                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(?,00007FF638113699), ref: 00007FF638117B81
                                                    • Part of subcall function 00007FF638112620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF638112620: MessageBoxW.USER32 ref: 00007FF63811272C
                                                  • WideCharToMultiByte.KERNEL32(?,00007FF638113699), ref: 00007FF638117BF5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                  • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                  • API String ID: 3723044601-27947307
                                                  • Opcode ID: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                  • Instruction ID: 2631dc5f874d2edf034e335f457c9197d4429d606356cc9015f021c6cdb5195f
                                                  • Opcode Fuzzy Hash: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                  • Instruction Fuzzy Hash: B9214B23B08B4385EA10DF36E8401F97761AB94B94F584535DA4DC3794EFBEE951E308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                  • String ID: a unicode character$argument$combining
                                                  • API String ID: 3097524968-4202047184
                                                  • Opcode ID: 8dcec4442920f3b8f18acdd6a11acb662b49feb7bbe0bfb657696819d5b5ca8f
                                                  • Instruction ID: ee0f50b170d4f1864812746e810798310fe2380f72d953e9affbe072251d1a12
                                                  • Opcode Fuzzy Hash: 8dcec4442920f3b8f18acdd6a11acb662b49feb7bbe0bfb657696819d5b5ca8f
                                                  • Instruction Fuzzy Hash: 0101A560F8864341EA54CF69AA4517C2290AF457D4F4C9133CA5E47EB4DF3DE447C302
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                  • String ID: a unicode character$argument$mirrored
                                                  • API String ID: 3097524968-4001128513
                                                  • Opcode ID: c10d4c018a97ffc3e2d3961057942d7e2c7a14af83ba5a253b81f33c79b69d04
                                                  • Instruction ID: ca787bd9d8e102f3592803a28b9e06136a6fa3c998f8b2ffa722bb4763c55dff
                                                  • Opcode Fuzzy Hash: c10d4c018a97ffc3e2d3961057942d7e2c7a14af83ba5a253b81f33c79b69d04
                                                  • Instruction Fuzzy Hash: 79016550F8864341EA54DF29AA4427C2290EF45BD4F4C9537DB1E56AB4DF2EE487C306
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCE7D000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memsetstrncpy
                                                  • String ID: , failure codes: $, status text: $..\s\crypto\ts\ts_rsp_verify.c$status code: $unknown code$unspecified
                                                  • API String ID: 388311670-2553778726
                                                  • Opcode ID: 4039b7292d998a5d8bce370844a9dd603b654c47650d4ae50a8630767a9223f1
                                                  • Instruction ID: e9d8c0cffe36135b9d2d0af53fc1966b95b19ad37f597539935146462d7fb21b
                                                  • Opcode Fuzzy Hash: 4039b7292d998a5d8bce370844a9dd603b654c47650d4ae50a8630767a9223f1
                                                  • Instruction Fuzzy Hash: 83819022A4868685E761DB19A8403FD67E9EB85BC4F890137DA4D47BA5EF3CE1468700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: f$p$p
                                                  • API String ID: 3215553584-1995029353
                                                  • Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                  • Instruction ID: d64f28705afaab70a94f8bfc8865d7bc1927670e47514368164b776a69fb0bf0
                                                  • Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                  • Instruction Fuzzy Hash: 5512A163E0C14786FB249B39E154AF97691FB82750F884035E68A877C4DF3EE590EB18
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                  • String ID:
                                                  • API String ID: 4139299733-0
                                                  • Opcode ID: b618ed634e65c7a0afdbbdfe658f43664214b0bdfe946ac4b4ba603eb4efd133
                                                  • Instruction ID: b168eb0e26be6fd60c96aa05540517d196dff91393200401be5f9a63885bf2d0
                                                  • Opcode Fuzzy Hash: b618ed634e65c7a0afdbbdfe658f43664214b0bdfe946ac4b4ba603eb4efd133
                                                  • Instruction Fuzzy Hash: 64D1AE72E9C65281EA208B1AE6445BD67A1FB457C4F5C0133DB5E86EA0DF7EE843C702
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strchr$memmove
                                                  • String ID: characters$ to $..\s\crypto\ui\ui_lib.c$You must type in
                                                  • API String ID: 1080442166-3422546668
                                                  • Opcode ID: e1d467c1ab8b172e9e243a46dfee5ce5121d718340360ba0c754f62a78f21d98
                                                  • Instruction ID: f20ff5a3b99454eb7064ca01831dd8c93b48d1275ed0c691200f39a02c62d21a
                                                  • Opcode Fuzzy Hash: e1d467c1ab8b172e9e243a46dfee5ce5121d718340360ba0c754f62a78f21d98
                                                  • Instruction Fuzzy Hash: A751A56165868A86EB21CF68D4401FD77A5FB85B88F584233EA4C07BE9EF3CE546C740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide
                                                  • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                  • API String ID: 626452242-876015163
                                                  • Opcode ID: b7b82ea576924ca1617b662870f2c7e243fa9a5b0eddeb3ea6719f1292c4487d
                                                  • Instruction ID: f4a000c0b708ab3da3bd0facd792da29e89fdfe30daaf8470e3649328696437d
                                                  • Opcode Fuzzy Hash: b7b82ea576924ca1617b662870f2c7e243fa9a5b0eddeb3ea6719f1292c4487d
                                                  • Instruction Fuzzy Hash: B8418E33A08B4382EA20DB35A8401FA67A5FB54B90F144135DA8D87BA8EF3DD452E708
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentVariable
                                                  • String ID: OPENSSL_ia32cap$~$~$~$~
                                                  • API String ID: 1431749950-1981414212
                                                  • Opcode ID: cf480c52fdec152708fcec39c4b82c05f8550ca0c57a004c4734a86e6d7d47de
                                                  • Instruction ID: 8f1d3f40bc3e7135b6d414051db23ace20863cb7128f84f7d0f5cce378c4fc42
                                                  • Opcode Fuzzy Hash: cf480c52fdec152708fcec39c4b82c05f8550ca0c57a004c4734a86e6d7d47de
                                                  • Instruction Fuzzy Hash: 22415864E4865B85E720AB05A84517C22A8EB48BC0F4C4137ED5D57EB8FF3CE586C780
                                                  APIs
                                                    • Part of subcall function 00007FF638117A30: MultiByteToWideChar.KERNEL32 ref: 00007FF638117A6A
                                                  • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6381167CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF6381164DF
                                                    • Part of subcall function 00007FF638112770: MessageBoxW.USER32 ref: 00007FF638112841
                                                  Strings
                                                  • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6381164B6
                                                  • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF63811653A
                                                  • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6381164F3
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                  • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                  • API String ID: 1662231829-3498232454
                                                  • Opcode ID: 2dc19ef5ba30c1755b370eb24f27a07330b7d4ecbeaa7c6206d14ea3a4c7ebc1
                                                  • Instruction ID: 85e5e529d506ed39bedb913c0cfa91e3a2ade479eacb8261f7425bb013b9ece8
                                                  • Opcode Fuzzy Hash: 2dc19ef5ba30c1755b370eb24f27a07330b7d4ecbeaa7c6206d14ea3a4c7ebc1
                                                  • Instruction Fuzzy Hash: 1C316717B1CB8341FA61E731A9553FA5351AFA87C0F844431DA4EC2BDAEE6EE504E608
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CF6D
                                                  • GetLastError.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CF7B
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CFA5
                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CFEB
                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF63811D19A,?,?,?,00007FF63811CE8C,?,?,00000001,00007FF63811CAA9), ref: 00007FF63811CFF7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                  • String ID: api-ms-
                                                  • API String ID: 2559590344-2084034818
                                                  • Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                  • Instruction ID: b437e98a652bdc574f08cecbfd032da59886d90933033a2302cdc4aa993abbe7
                                                  • Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                  • Instruction Fuzzy Hash: 4E31C023A1AA4391FE52DB22A8016F56394FF58BA0F594535ED1D8A380DF3DE445E708
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32 ref: 00007FF638117A6A
                                                    • Part of subcall function 00007FF638112620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF638112620: MessageBoxW.USER32 ref: 00007FF63811272C
                                                  • MultiByteToWideChar.KERNEL32 ref: 00007FF638117AF0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$ErrorLastMessage
                                                  • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                  • API String ID: 3723044601-876015163
                                                  • Opcode ID: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                  • Instruction ID: 428a534258df246e63ec12d3f13b9fa06572d94fd527396c19fb78e59acc890d
                                                  • Opcode Fuzzy Hash: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                  • Instruction Fuzzy Hash: B3215327B08A4382EB50CB35F8000AAA761FB95794F584531DF4CC3BA9EF6DD551D708
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A62F
                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A644
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A665
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A692
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A6A3
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A6B4
                                                  • SetLastError.KERNEL32(?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F,?,?,?,00007FF638129313), ref: 00007FF63812A6CF
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Value$ErrorLast
                                                  • String ID:
                                                  • API String ID: 2506987500-0
                                                  • Opcode ID: 8ff2e8f234801333ca104f51e052509623115d46483bc0ab35df31335539f603
                                                  • Instruction ID: 2f30914540f03979cb898efd90552673d2316d92d5e2472409ab0ba37b61e607
                                                  • Opcode Fuzzy Hash: 8ff2e8f234801333ca104f51e052509623115d46483bc0ab35df31335539f603
                                                  • Instruction Fuzzy Hash: B0214223E0C64342F964A73166565F962525F8ABB0F240734D93EC77D6DF2EE441E708
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                  • String ID: a unicode character$argument 1$numeric
                                                  • API String ID: 3545102714-2385192657
                                                  • Opcode ID: 35c9d41c65e7a6057b424292e649dab30af98cc9056b9a63245a5d832090e137
                                                  • Instruction ID: c16a44b33739c2c9ce31afeb1224149bcfee73958a3e2d0b7029eab90e1db9b2
                                                  • Opcode Fuzzy Hash: 35c9d41c65e7a6057b424292e649dab30af98cc9056b9a63245a5d832090e137
                                                  • Instruction Fuzzy Hash: B3214932A48A8285EB50DF1AEA401BD6360EB45BC4F5C8032DB5D83B79CF2EE457C701
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                  • String ID: a unicode character$argument 1$decimal
                                                  • API String ID: 3545102714-2474051849
                                                  • Opcode ID: 37a4153ce9cd5952ba336a7a13e7d13d1a4106d113bef46bdc421c90457116d1
                                                  • Instruction ID: 5a75c22e436342ede0fad051f7aca93e4686f97e1b791bb0229ebebe67e4bfe6
                                                  • Opcode Fuzzy Hash: 37a4153ce9cd5952ba336a7a13e7d13d1a4106d113bef46bdc421c90457116d1
                                                  • Instruction Fuzzy Hash: 4F213831A48A8285EB50DF1AEA401BD6360EB84BC8F8C8432DB5D87A74CF2AE447C701
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                  • String ID: a unicode character$argument 1$name
                                                  • API String ID: 3545102714-4190364640
                                                  • Opcode ID: dd7e525c6f15f79c0475ece0fbfed555bc2cf029fe1f0485a725b85a65e47b36
                                                  • Instruction ID: 727eb81fd8e8fe203c4cae9432d9ea47865a2729e078f062e1d49a103fb49f82
                                                  • Opcode Fuzzy Hash: dd7e525c6f15f79c0475ece0fbfed555bc2cf029fe1f0485a725b85a65e47b36
                                                  • Instruction Fuzzy Hash: 20213A31B48A8285EA50DF19E6902BD6760EB54BC8F4C8133EB4D47B64CF2AE846C301
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                  • String ID: CONOUT$
                                                  • API String ID: 3230265001-3130406586
                                                  • Opcode ID: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                  • Instruction ID: f3daac0977182d2c56695f9d8da4ad89a393c54cc5b984c72b9ef09cd9ed19b0
                                                  • Opcode Fuzzy Hash: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                  • Instruction Fuzzy Hash: 5B114C23B18E4286E7518B66AC5436962A0BB88BE4F544234EA5DC7794CFBDD814C748
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strncmp
                                                  • String ID: ASN1:$DER:$critical,
                                                  • API String ID: 1114863663-369496153
                                                  • Opcode ID: 73dbe8a7fb2b7298154a64a71f77702ab256a3369e9a1f498dc58ab828e17128
                                                  • Instruction ID: e4e67f5892706a8b456c106353fd49b2c40fc024785d9f19d33566ed99c441bd
                                                  • Opcode Fuzzy Hash: 73dbe8a7fb2b7298154a64a71f77702ab256a3369e9a1f498dc58ab828e17128
                                                  • Instruction Fuzzy Hash: BE418121B08A9601FB205B26B90037E269BBB85BD8F0C5036DD5D87EF5FE3DE4058740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strncmp
                                                  • String ID: ASN1:$DER:$critical,
                                                  • API String ID: 1114863663-369496153
                                                  • Opcode ID: f62d61b209e271971fe335ffc6509810b63e2710eb999574c42c4a8ef04bc1b2
                                                  • Instruction ID: 4488509b841de589f221944c9b3218e468ae77d94375bd0c09548665305ad9b8
                                                  • Opcode Fuzzy Hash: f62d61b209e271971fe335ffc6509810b63e2710eb999574c42c4a8ef04bc1b2
                                                  • Instruction Fuzzy Hash: D241B161B18A8241FB209B26A90077E669BEB85BD4F4C5132DE9D87FF9EE3CD4058700
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A7A7
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A7DD
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A80A
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A81B
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A82C
                                                  • SetLastError.KERNEL32(?,?,?,00007FF63812444D,?,?,?,?,00007FF63812DDA7,?,?,00000000,00007FF63812A8B6,?,?,?), ref: 00007FF63812A847
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Value$ErrorLast
                                                  • String ID:
                                                  • API String ID: 2506987500-0
                                                  • Opcode ID: 56467da9cbf0f7ea7726befb455c23c7da3468b21c05826552355134373c4563
                                                  • Instruction ID: f5e6997d213621c3c2f0d07a3db3d460663ceda290f7537388931a0238ba3e8e
                                                  • Opcode Fuzzy Hash: 56467da9cbf0f7ea7726befb455c23c7da3468b21c05826552355134373c4563
                                                  • Instruction Fuzzy Hash: FB116323E0C64342FA6497315A521F951925F8ABB0F244734D93EC77D6DE2EF841E308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                  • String ID: csm$f
                                                  • API String ID: 2395640692-629598281
                                                  • Opcode ID: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                  • Instruction ID: 56d3ebde05d47cd76e4490d02bc9fe8d727a301f3f8f77f21cc2c3a407ff7902
                                                  • Opcode Fuzzy Hash: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                  • Instruction Fuzzy Hash: 0151C333B09A0386DB15CB35E405AB93795FB64B88F118134DE4E87788EF7AE941E708
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCE7D000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: getnameinfohtonsmemset
                                                  • String ID: $..\s\crypto\bio\b_addr.c
                                                  • API String ID: 165288700-1606403076
                                                  • Opcode ID: e223affc2ac3203e319be5c56c676065cae7187c143fb2084f86007e6ab65d6f
                                                  • Instruction ID: c28b8846eddba9023523b68ead9e6a610eb9a82c753f737c5c70672be14c6750
                                                  • Opcode Fuzzy Hash: e223affc2ac3203e319be5c56c676065cae7187c143fb2084f86007e6ab65d6f
                                                  • Instruction Fuzzy Hash: C851E861B586438AFB209F59D8012BD73A5EF45784F484033EB8C47EA5EF3DE9868700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                  • String ID: Unhandled exception in script
                                                  • API String ID: 3081866767-2699770090
                                                  • Opcode ID: fcf731bf2ceca6e070dbdbaa780c49a73cf052ed135755c936a54f607c2ce467
                                                  • Instruction ID: 1fc79ad9d3187bdf94cc31195263cbbda5dab1bfaf56230b651f27991c1d9bbf
                                                  • Opcode Fuzzy Hash: fcf731bf2ceca6e070dbdbaa780c49a73cf052ed135755c936a54f607c2ce467
                                                  • Instruction Fuzzy Hash: D0315737A08A8389EB24DB71E8551E96360FF89B94F400135EA4D8BB99DF3ED145D708
                                                  APIs
                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF6381174B0: GetLastError.KERNEL32(00000000,00007FF6381126A0), ref: 00007FF6381174D7
                                                    • Part of subcall function 00007FF6381174B0: FormatMessageW.KERNEL32(00000000,00007FF6381126A0), ref: 00007FF638117506
                                                    • Part of subcall function 00007FF638117A30: MultiByteToWideChar.KERNEL32 ref: 00007FF638117A6A
                                                  • MessageBoxW.USER32 ref: 00007FF63811272C
                                                  • MessageBoxA.USER32 ref: 00007FF638112748
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                  • String ID: %s%s: %s$Fatal error detected
                                                  • API String ID: 2806210788-2410924014
                                                  • Opcode ID: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                  • Instruction ID: 66037cb7597c46735e6df708af1e2396c9b69c1591825fd175e7673bb5853294
                                                  • Opcode Fuzzy Hash: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                  • Instruction Fuzzy Hash: 5C316F73628A8391EA20DB20E4517EA6364FF94784F804036EA8D83B99DF7ED645DB44
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                  • String ID: not a numeric character
                                                  • API String ID: 1034370217-2058156748
                                                  • Opcode ID: e94a4cbcbf0e5bcd60c879edbbe527308af40d50addda8a0dc073dd71fed3554
                                                  • Instruction ID: 6b8aaddfb8b5fc145d8812fad959cfbfde9c89947d6763906119c0514f903232
                                                  • Opcode Fuzzy Hash: e94a4cbcbf0e5bcd60c879edbbe527308af40d50addda8a0dc073dd71fed3554
                                                  • Instruction Fuzzy Hash: 97116021E8894281FB55DF29E61403D63A1AF44BC8F5CC1B2CB1E46E74DF2EE887D202
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                  • String ID: not a decimal
                                                  • API String ID: 3750391552-3590249192
                                                  • Opcode ID: 1cd0ce8ce41aec67d618eaf50ce9a381a57b186b45043069d79b570d0f92dffd
                                                  • Instruction ID: e97c16e34f3fbad32235af21a375ad22b1852fac2a20569e9efd42d66578247d
                                                  • Opcode Fuzzy Hash: 1cd0ce8ce41aec67d618eaf50ce9a381a57b186b45043069d79b570d0f92dffd
                                                  • Instruction Fuzzy Hash: BB119121B88A4281EB05CF1AE61413D63A0AF84BC4F5C8932CB1E86E70DF2EE443D302
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Arg_ArgumentReadyUnicode_
                                                  • String ID: a unicode character$argument$decomposition
                                                  • API String ID: 1875788646-2471543666
                                                  • Opcode ID: 8e092fff27016ad70a75c21de804b5fd7f142a4693611c384d04bc395b3b3e7a
                                                  • Instruction ID: cee336f2f2ba6219bd93a612ba8797ed02aae2ec00c4a59b2f1b2c3c21f6e78b
                                                  • Opcode Fuzzy Hash: 8e092fff27016ad70a75c21de804b5fd7f142a4693611c384d04bc395b3b3e7a
                                                  • Instruction Fuzzy Hash: 71018F60E8868341EA50CB19AA402BD2360AF45BD4F5C9133DA5D46EB4DF2DD487C302
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Arg_ArgumentReadyUnicode_
                                                  • String ID: a unicode character$argument$east_asian_width
                                                  • API String ID: 1875788646-3913127203
                                                  • Opcode ID: 1cd4da9dc117a34be79d860a1371cb1431d82210e1bfc1e6159635a71f123b29
                                                  • Instruction ID: 76bcf834eb39456510677e0a5e8790cd460f762c8dc20f477ec347fb2f4dd5d6
                                                  • Opcode Fuzzy Hash: 1cd4da9dc117a34be79d860a1371cb1431d82210e1bfc1e6159635a71f123b29
                                                  • Instruction Fuzzy Hash: 5801A260E8874381EB50CF29AA401BD2360AF46BD4F4C9133DB4E46AB4DF2DE4A7C701
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                  • String ID: unicodedata._ucnhash_CAPI
                                                  • API String ID: 3673501854-3989975041
                                                  • Opcode ID: 9c8937bca7593cf83dc6e6686b6a5b89807f230b44c95862bfa962c91a770e15
                                                  • Instruction ID: 18dffc27ea4d1c2217a37fd042e074d2d80e0db508a696baf3b9f79087701cab
                                                  • Opcode Fuzzy Hash: 9c8937bca7593cf83dc6e6686b6a5b89807f230b44c95862bfa962c91a770e15
                                                  • Instruction Fuzzy Hash: 55F03C60A89B4395EB028B19FA441BC62A4BF08BC4F4C1433CA4E06B75EF3EE046D312
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                  • Instruction ID: 8c40f035e585c5bbd31cc6210a01aa05db3693f09729889e376b8b223fe5ddcb
                                                  • Opcode Fuzzy Hash: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                  • Instruction Fuzzy Hash: 88F062A2A19A0381EF108B34E8553B95330FFC57A5F640635D66D867F4CFAEE449E308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memmovestrncpy
                                                  • String ID: ..\s\crypto\x509\x509_obj.c$0123456789ABCDEF$NO X509_NAME
                                                  • API String ID: 3054264757-3422593365
                                                  • Opcode ID: 2a13e74aeeda28ae24d471c2d973058ce87a4573439dfd2e625c5b86b5f17ddd
                                                  • Instruction ID: c734a6539eb1f0af549cfb09551a3074a7197018e38e82272705108ed8e7cb42
                                                  • Opcode Fuzzy Hash: 2a13e74aeeda28ae24d471c2d973058ce87a4573439dfd2e625c5b86b5f17ddd
                                                  • Instruction Fuzzy Hash: F5B1C622B4868685EB208B19D5403FEB7E5EB487D4F1C8137DA8D47BA5DE7CE44AC700
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $$..\s\crypto\rsa\rsa_sign.c
                                                  • API String ID: 0-1864662394
                                                  • Opcode ID: 8fbe36633cc90c93da8880bff56d1cee6c4dec6f08620a777a438a0f211b4450
                                                  • Instruction ID: 41226f214720103b9717c35167c1d193c20752a3b0c1967a7a8b69e3cad9accc
                                                  • Opcode Fuzzy Hash: 8fbe36633cc90c93da8880bff56d1cee6c4dec6f08620a777a438a0f211b4450
                                                  • Instruction Fuzzy Hash: 16919D65B4C68286E6709B29E4403FD66D2FB89BC4F484136EB8D07FA6DF7CE5468700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memmove
                                                  • String ID: ..\s\crypto\pem\pem_lib.c$;$Enter PEM pass phrase:
                                                  • API String ID: 2162964266-3733131234
                                                  • Opcode ID: 6cc576c22c478878ec6ca791cb9a6137f743475b9df210abaa33c7174fb92cd2
                                                  • Instruction ID: b78fd35dc5a275691f8d19a5c6e7a2715b67e65df0f7a5e89b8811cbe5b579f1
                                                  • Opcode Fuzzy Hash: 6cc576c22c478878ec6ca791cb9a6137f743475b9df210abaa33c7174fb92cd2
                                                  • Instruction Fuzzy Hash: A3719562B4868286EA209B65D8407EE73A5FB847D4F480133EA9D47EE5DF3CD506CB01
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memchr
                                                  • String ID: ..\s\crypto\x509v3\v3_utl.c$E$FALSE$TRUE
                                                  • API String ID: 3297308162-1433594941
                                                  • Opcode ID: a5fc59c9387210eb1afaa89b7669a569dfafa16f6a2f0790f0b1b6bf5b71d08e
                                                  • Instruction ID: adaae5e04f6e15e1c3667300f256f69b7d137198b0e50a4ba794322b2bc3bc63
                                                  • Opcode Fuzzy Hash: a5fc59c9387210eb1afaa89b7669a569dfafa16f6a2f0790f0b1b6bf5b71d08e
                                                  • Instruction Fuzzy Hash: 43517F22B0A75284FA61AB5699003AD26A7AF95780F4C4436DE8D47FB5EF3CE542C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _set_statfp
                                                  • String ID:
                                                  • API String ID: 1156100317-0
                                                  • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                  • Instruction ID: 47d1c6c57f135ce524c22ea9fa0da14f528d19a3e3105a705c3a0dacc7025ae9
                                                  • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                  • Instruction Fuzzy Hash: EE119163E18B0711F6A42338EC453F514426F583B8F140674E96EC67D6CEEEAC45E24C
                                                  APIs
                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A87F
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A89E
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A8C6
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A8D7
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF638129A73,?,?,00000000,00007FF638129D0E,?,?,?,?,?,00007FF6381221EC), ref: 00007FF63812A8E8
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  • Opcode ID: 52e75b61ebb49defa444412e8fee66804bfa3f6c547067b9182500d2680da77e
                                                  • Instruction ID: 6bf8cda6c11997558102aa1acf8eec5a57afb3ddc23f3e76c9c1b76b704d38d6
                                                  • Opcode Fuzzy Hash: 52e75b61ebb49defa444412e8fee66804bfa3f6c547067b9182500d2680da77e
                                                  • Instruction Fuzzy Hash: AD115162F0C64342FE689336A5421F951516F86BB0F244334E93EC77D6DE2EF442E609
                                                  APIs
                                                  • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A705
                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A724
                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A74C
                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A75D
                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF638132433,?,?,?,00007FF63812CB8C,?,?,00000000,00007FF638123A5F), ref: 00007FF63812A76E
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  • Opcode ID: 8a1bb1fb30c776521f71cd7f268cc6825f5a57dec437cff5255c4fa0cbf0b49a
                                                  • Instruction ID: 7d907a1e5232c96e349d56213a2adbd2955e9a9d901ea871ebcae9bc53952326
                                                  • Opcode Fuzzy Hash: 8a1bb1fb30c776521f71cd7f268cc6825f5a57dec437cff5255c4fa0cbf0b49a
                                                  • Instruction Fuzzy Hash: 8E11E826E0C20742FDA8A63558125FA12A24F87B74F240734D83ECA3D2DD2FB851E21D
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                  • API String ID: 3215553584-1196891531
                                                  • Opcode ID: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                  • Instruction ID: 447e95d874cecb055f33d0ac4a3363c5b7a37a69129092b123600e8cb2300b62
                                                  • Opcode Fuzzy Hash: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                  • Instruction Fuzzy Hash: 2D819C37E082438BF7748E3991142F826A0AB57B88F558035CA0ED7395DF6EE991F709
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: CallEncodePointerTranslator
                                                  • String ID: MOC$RCC
                                                  • API String ID: 3544855599-2084237596
                                                  • Opcode ID: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                  • Instruction ID: 4fc11330c37edeb80563540c19369358778ef3495366e5e2abf6a3b855af66c2
                                                  • Opcode Fuzzy Hash: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                  • Instruction Fuzzy Hash: F5616B33A08B468AEB608FB5D4803ED7BA0FB54B88F144225EE4D57B94CF79E095D704
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                  • String ID: csm$csm
                                                  • API String ID: 3896166516-3733052814
                                                  • Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                  • Instruction ID: a2fc0265b3cf86ec1930f4ceeed85918c55c4e4afe292574f647b3d21a33f09c
                                                  • Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                  • Instruction Fuzzy Hash: FD519B7390868386EF748F65A1442A877A0EB64B88F544135EA8D87B95DF3DF450EB08
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ..\s\crypto\async\async.c$T
                                                  • API String ID: 0-2182492907
                                                  • Opcode ID: d429df3d22b628225212d233b30d019ad47286c3daee9723a66c5744efd77ded
                                                  • Instruction ID: fc5af4aee77f53c5c873a4c47f0b3976c58dbd0c2fa5ed04ba7a60ffa2aeccc4
                                                  • Opcode Fuzzy Hash: d429df3d22b628225212d233b30d019ad47286c3daee9723a66c5744efd77ded
                                                  • Instruction Fuzzy Hash: 87519D71B4964286E720DB19EC005BD7765EF85BC0F485036DA9D47FA6EF3DE50A8700
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: BIO[%p]: $bio callback - unknown type (%d)
                                                  • API String ID: 0-3830480438
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ..\s\crypto\bio\b_sock.c$J$host=
                                                  • API String ID: 0-1729655730
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: %s%s: %s$Fatal error detected
                                                  • API String ID: 1878133881-2410924014
                                                  APIs
                                                  • PyErr_SetString.PYTHON311(?,?,?,?,?,00007FFEDCCC1EDC), ref: 00007FFEDCCC3B6F
                                                    • Part of subcall function 00007FFEDCCC1FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFEDCCC2008
                                                    • Part of subcall function 00007FFEDCCC1FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFEDCCC2026
                                                  • PyErr_Format.PYTHON311 ref: 00007FFEDCCC1F53
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Err_strncmp$FormatString
                                                  • String ID: name too long$undefined character name '%s'
                                                  • API String ID: 3882229318-4056717002
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastsocket
                                                  • String ID: ..\s\crypto\bio\b_sock2.c$2
                                                  • API String ID: 1120909799-2051290508
                                                  APIs
                                                  • GetModuleFileNameW.KERNEL32(?,00007FF638113699), ref: 00007FF638113BD1
                                                    • Part of subcall function 00007FF638112620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF638117744,?,?,?,?,?,?,?,?,?,?,?,00007FF63811101D), ref: 00007FF638112654
                                                    • Part of subcall function 00007FF638112620: MessageBoxW.USER32 ref: 00007FF63811272C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastMessageModuleName
                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                  • API String ID: 2581892565-1977442011
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCE7D000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memcmp
                                                  • String ID:
                                                  • API String ID: 1475443563-0
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memset
                                                  • String ID: ..\s\crypto\sm2\sm2_crypt.c$@
                                                  • API String ID: 2221118986-485510600
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                  • String ID:
                                                  • API String ID: 2718003287-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: )$..\s\crypto\evp\p5_crpt.c
                                                  • API String ID: 0-3563398421
                                                  APIs
                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF63812C41B), ref: 00007FF63812C54C
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF63812C41B), ref: 00007FF63812C5D7
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ConsoleErrorLastMode
                                                  • String ID:
                                                  • API String ID: 953036326-0
                                                  • Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                  • Instruction ID: 78fad1e42ae5141c21a6a721f686d02fc5b57bdbe00bf142aad435d817f1383d
                                                  • Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                  • Instruction Fuzzy Hash: 66919E23B1865385F7608F7994402FD2BA0AB56B88F545139DF0E96B84DF3FD442E708
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strncmp
                                                  • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                  • API String ID: 1114863663-87138338
                                                  • Opcode ID: 8de3eb989cf6c62dcbce841305c01691443b1373284778389dc9e239678f53b6
                                                  • Instruction ID: 44b34bf09a77671baf899b405ad261d97db09d220eaea92b36cfc475d85a000b
                                                  • Opcode Fuzzy Hash: 8de3eb989cf6c62dcbce841305c01691443b1373284778389dc9e239678f53b6
                                                  • Instruction Fuzzy Hash: 2061F572B5864246E7618A1DAA007BEA692FB807D0F4C4237EB5D87EE5DE7DD803C701
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memmove
                                                  • String ID: ..\s\crypto\ct\ct_oct.c
                                                  • API String ID: 2162964266-1972679481
                                                  • Opcode ID: 30f54181be1fc9f89472802893a00c732398e9ac6cccc628088a92dc21b80f1c
                                                  • Instruction ID: b187ab6d7a8cdccfb21d0d800c9a28733a3f5c9416910a74786fa7ce1e5b07ec
                                                  • Opcode Fuzzy Hash: 30f54181be1fc9f89472802893a00c732398e9ac6cccc628088a92dc21b80f1c
                                                  • Instruction Fuzzy Hash: 9A71D26260D69189E722DF2AD4101BC7B75EB59BC8F184133EF8D13BA6DE2CE656C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCE7D000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: strncmp
                                                  • String ID: content-type
                                                  • API String ID: 1114863663-3266185539
                                                  • Opcode ID: bf53f0bda5b18ea8a6db5564624a96e5e23242bcbab55d1f3e52cd3e6e3dc342
                                                  • Instruction ID: 8aaf31d017248688839c80ae31da287dbb83115409b30433ae9902b617f3b229
                                                  • Opcode Fuzzy Hash: bf53f0bda5b18ea8a6db5564624a96e5e23242bcbab55d1f3e52cd3e6e3dc342
                                                  • Instruction Fuzzy Hash: 2051D3A2B4C64341FA70972AAD4037E6295AF85BD4F4C5236DE5D87EE6EE2CE5038301
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: LongWindow$DialogInvalidateRect
                                                  • String ID:
                                                  • API String ID: 1956198572-0
                                                  • Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                  • Instruction ID: e008dbcdc0d850d0a9394336503c69ad84944541fd59af1606a3ed76db05810a
                                                  • Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                  • Instruction Fuzzy Hash: 02110C23F2C54342F6908779F9442F99392EF99B80F545030E94987B8DCE3ED8C9E208
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memmovememset
                                                  • String ID: $$..\s\crypto\rsa\rsa_none.c
                                                  • API String ID: 1288253900-779172340
                                                  • Opcode ID: de5f583c7a3756590fc2426c2a0cc6b33ad44590f8bf8e756a1bf535920b5d69
                                                  • Instruction ID: ea6430c1e6ba861b2149025361fa01fd7db83cb8bfd41fd8a6125cb2e00a823f
                                                  • Opcode Fuzzy Hash: de5f583c7a3756590fc2426c2a0cc6b33ad44590f8bf8e756a1bf535920b5d69
                                                  • Instruction Fuzzy Hash: 0D01B521B0824286E620DF5AA9400ADB752EB847D0F5C8636FB5C47FA6DF3CD5028B00
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ..\s\crypto\engine\eng_ctrl.c$b
                                                  • API String ID: 0-1836817417
                                                  • Opcode ID: 2f64efd3c35e40f30812e63d939679b1a2fc46fb0eca14743626378916f2d28d
                                                  • Instruction ID: a524576220dfcf44ee8dc9197220e24af256d76cae40fc5c5d1206eba4ad5b9c
                                                  • Opcode Fuzzy Hash: 2f64efd3c35e40f30812e63d939679b1a2fc46fb0eca14743626378916f2d28d
                                                  • Instruction Fuzzy Hash: 0FE18B32B4C2428AF7749B59D8047FE36A1EB85784F18813ADA8D03EB5DF3CE9468704
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                  • String ID: ?
                                                  • API String ID: 1286766494-1684325040
                                                  • Opcode ID: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
                                                  • Instruction ID: 77ddd9188b2733845a931d754f8eca2cf07c1b9a99b3cb638d6f40d5f547426a
                                                  • Opcode Fuzzy Hash: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
                                                  • Instruction Fuzzy Hash: 4E412A13A0828345FB208B35D8017FA6690EFA1BA4F144235EF5C86BD5DE7ED981E708
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: getaddrinfo
                                                  • String ID: ..\s\crypto\bio\b_addr.c
                                                  • API String ID: 300660673-2547254400
                                                  • Opcode ID: a2c99f71c7972fb3b7ba828c59694e00382d0b8ec626129309ba30accd8ab733
                                                  • Instruction ID: 89802fab5ae3fa02d7f25c2c6ea2c1fc26f5349c4536eeb448598eb83e7dd18e
                                                  • Opcode Fuzzy Hash: a2c99f71c7972fb3b7ba828c59694e00382d0b8ec626129309ba30accd8ab733
                                                  • Instruction Fuzzy Hash: 5241F572B586828BE7609B5AA8406BD73A5FB85780F045136EE8993FA5DF3CD4468B00
                                                  APIs
                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF638127E9E
                                                    • Part of subcall function 00007FF638129E18: HeapFree.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E2E
                                                    • Part of subcall function 00007FF638129E18: GetLastError.KERNEL32(?,?,?,00007FF638131E42,?,?,?,00007FF638131E7F,?,?,00000000,00007FF638132345,?,?,?,00007FF638132277), ref: 00007FF638129E38
                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF63811B105), ref: 00007FF638127EBC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                  • String ID: C:\Users\user\Desktop\LisectAVT_2403002A_441.exe
                                                  • API String ID: 3580290477-3089972662
                                                  • Opcode ID: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                  • Instruction ID: bcba1a394e4c5ac8733e7b5f6df406741a89b04906a7b1992091d5e2e28e5d51
                                                  • Opcode Fuzzy Hash: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                  • Instruction Fuzzy Hash: 58417C33A08B5786EB14DF3598804FD67A4EB46B80B544435EA5EC3B85DF3EE891E348
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastWrite
                                                  • String ID: U
                                                  • API String ID: 442123175-4171548499
                                                  • Opcode ID: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                  • Instruction ID: 3295c33c6d5ba4cd5efbd240d3f1f85a531a946555c711cf33e4fcd6e82620c3
                                                  • Opcode Fuzzy Hash: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                  • Instruction Fuzzy Hash: 5741A023A18A8282DB20CF25E8453E977A1FB99794F904131EA4D87798EF3ED445D744
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectory
                                                  • String ID: :
                                                  • API String ID: 1611563598-336475711
                                                  • Opcode ID: 8d0047e3d49e2942e9dd2ecd46bdb5543a301835a32119f1e21a6d0f1ab18d67
                                                  • Instruction ID: 6565180d6384fef7c453e965091487ef76165ddc9778b1c976bf41ce35439e72
                                                  • Opcode Fuzzy Hash: 8d0047e3d49e2942e9dd2ecd46bdb5543a301835a32119f1e21a6d0f1ab18d67
                                                  • Instruction Fuzzy Hash: DD21C1A3A1868381EF208B39D4442AD63A1FB89B44F454135DA4D83385EF7EE945D754
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastgetsockname
                                                  • String ID: ..\s\crypto\bio\b_sock.c
                                                  • API String ID: 566540725-540685895
                                                  • Opcode ID: 6b4fc8a7a88fb01f9812228e0b07841756f3377f257988557045c535e6cc1a7b
                                                  • Instruction ID: ef39d208de4bb494ed6d1fa2edb98bbc7c23cd6d7e279776f71ac5dad04c1b20
                                                  • Opcode Fuzzy Hash: 6b4fc8a7a88fb01f9812228e0b07841756f3377f257988557045c535e6cc1a7b
                                                  • Instruction Fuzzy Hash: 2E219DB1B4810686E730DB64D8016FE73A5EF84744F480132E69C42EE1EF3DE586CB40
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: Fatal error detected
                                                  • API String ID: 1878133881-4025702859
                                                  • Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                  • Instruction ID: 7daf797aeb2d9a6931dc33d97d9028956774e5589ab4f72fe098e27122ac59a8
                                                  • Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                  • Instruction Fuzzy Hash: E3219073628A8391EB20DB20F4517EA6364FB94788F804035EA8D87B99CF7ED205CB44
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: Error detected
                                                  • API String ID: 1878133881-3513342764
                                                  • Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                  • Instruction ID: bbdbe9e0bb3e2e4eadf18441a08521dc9f698acc09af024942619b86f038bb4a
                                                  • Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                  • Instruction Fuzzy Hash: 34216073628A8391EB20DB20F4517EA6364FB94788F805136EA8D87B99DF3DD205DB44
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 904c1ddc1ac2b7d51a3733fdc4c934fa97721c2ab28c691eea5c0e6f115cc51a
                                                  • Instruction ID: b4fd407ce38d63486ad02329189b6cebe86801d630e5a945909188a3784179f2
                                                  • Opcode Fuzzy Hash: 904c1ddc1ac2b7d51a3733fdc4c934fa97721c2ab28c691eea5c0e6f115cc51a
                                                  • Instruction Fuzzy Hash: A7C1B67274868086DB20DF5EA9447AEB7A5F788BC4F084136DE8D57B59DF3CE1068B40
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFileHeaderRaise
                                                  • String ID: csm
                                                  • API String ID: 2573137834-1018135373
                                                  • Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                  • Instruction ID: 26572d9ec3437730e672c1a35df8088942681c5319bc4ada5eb20189041cbf61
                                                  • Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                  • Instruction Fuzzy Hash: A3114C33618B8282EB218F25F4402A977A5FB98F94F184230EE8C47769DF7ED951DB04
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1852868294.00007FF638111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF638110000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ff638110000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                  • String ID: :
                                                  • API String ID: 2595371189-336475711
                                                  • Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                  • Instruction ID: 3c6bd6b219ebecc6cc0d41edac800c82aa0147386a16174a64e9441ec1dde4a7
                                                  • Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                  • Instruction Fuzzy Hash: 68018F2391864386FB31AF70A4612FE23A0EF45718F841035D54DC2792DF2EE644FA1C
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: String$Err_FromUnicode_
                                                  • String ID: no such name
                                                  • API String ID: 3678473424-4211486178
                                                  • Opcode ID: 0bad81046192c5090e63041fc1c0adfcc3ec090d4373e4d8dfd61f48ff6f657e
                                                  • Instruction ID: 56667a5e24d76a585d60e07135fb1999113f23adfd1a5c1859feacfe79ddd2e3
                                                  • Opcode Fuzzy Hash: 0bad81046192c5090e63041fc1c0adfcc3ec090d4373e4d8dfd61f48ff6f657e
                                                  • Instruction Fuzzy Hash: 83011D31A58A4691FA619B19E9553BD2360BF98BC8F4C5032DF4E86B74DF2DE106C601
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: _time64
                                                  • String ID: !$..\s\crypto\ct\ct_policy.c
                                                  • API String ID: 1670930206-3401457818
                                                  • Opcode ID: f18ed828a28c6ab51aa7041c4afaf51f6b8b90cc747c6e012aca78e72ff6fbca
                                                  • Instruction ID: 03204fc50148bbc072c5e57f2cec1250eb39e0432ea1103e4af0308eb4e0c0a1
                                                  • Opcode Fuzzy Hash: f18ed828a28c6ab51aa7041c4afaf51f6b8b90cc747c6e012aca78e72ff6fbca
                                                  • Instruction Fuzzy Hash: 20F06D71B5660A86EB259B68D8017BD3355EF94748F580037DA4D02BE2FE3CFA66CB00
                                                  APIs
                                                  • _PyObject_GC_New.PYTHON311(?,?,00000000,00007FFEDCCC2533), ref: 00007FFEDCCC25B6
                                                  • PyObject_GC_Track.PYTHON311(?,?,00000000,00007FFEDCCC2533), ref: 00007FFEDCCC25E8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853228885.00007FFEDCCC1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFEDCCC0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedccc0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: Object_$Track
                                                  • String ID: 3.2.0
                                                  • API String ID: 16854473-1786766648
                                                  • Opcode ID: 767dd7ab98994f43239e4e329e749c2ad7475791c86a6fb4d160e6b955e6c056
                                                  • Instruction ID: 59df32740b252e6c4ecdf69dac2a9f96eb92e2d46e99806ceb6aacf83f7ca8b4
                                                  • Opcode Fuzzy Hash: 767dd7ab98994f43239e4e329e749c2ad7475791c86a6fb4d160e6b955e6c056
                                                  • Instruction Fuzzy Hash: 21E0E564A89B0695EF268B59E95406C22A4BF08BC4B4C0136CE5D02B70EF3EE1A6D242
                                                  APIs
                                                  • memchr.VCRUNTIME140(00007FFEDD01B5FB,00000000,?,00000000,00007FFEDD01A899), ref: 00007FFEDD01B7CB
                                                  • memchr.VCRUNTIME140(00007FFEDD01B5FB,00000000,?,00000000,00007FFEDD01A899), ref: 00007FFEDD01B813
                                                  • memchr.VCRUNTIME140(00007FFEDD01B5FB,00000000,?,00000000,00007FFEDD01A899), ref: 00007FFEDD01B82D
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCE7D000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memchr
                                                  • String ID:
                                                  • API String ID: 3297308162-0
                                                  • Opcode ID: c5053ac5122ae20ce2bba16029e3ae9fdfc9990fab1c8ee538e04b1850252035
                                                  • Instruction ID: 456b8a6fdcbb663d536f519e0609a0d1390ff833c83256fe94b51cc01dbec9f1
                                                  • Opcode Fuzzy Hash: c5053ac5122ae20ce2bba16029e3ae9fdfc9990fab1c8ee538e04b1850252035
                                                  • Instruction Fuzzy Hash: D9916165B0868581EB209B2AD48517DA7A3FBCABC4F5C4136DB4D83FA5DF2DE845C700
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.1853738049.00007FFEDCDE1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFEDCDE0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_7ffedcde0000_LisectAVT_2403002A_441.jbxd
                                                  Similarity
                                                  • API ID: memmove
                                                  • String ID:
                                                  • API String ID: 2162964266-0
                                                  • Opcode ID: c7954e11c4b5c180aee147f19bd23452bbd2d047806da0b6489b870047a3b121
                                                  • Instruction ID: 1eafe57aa489925cac2444b2641a948919db377fe6a7e7e084dc863c2ac0b3f9
                                                  • Opcode Fuzzy Hash: c7954e11c4b5c180aee147f19bd23452bbd2d047806da0b6489b870047a3b121
                                                  • Instruction Fuzzy Hash: 0E11D36270464182D650EB1AE5401ED6361EB447D0F889133EF9E47FA6EF28E596C700